Re: CfC: only allow authenticated origins to call getUserMedia from Silvia Pfeiffer on 2014-10-09 (public-media-capture@w3.org from October 2014)

From: Silvia Pfeiffer <silviapfeiffer1@gmail.com>
Date: Thu, 9 Oct 2014 19:29:26 +1100
To: Anne van Kesteren <annevk@annevk.nl>
Cc: "public-media-capture@w3.org" <public-media-capture@w3.org>, Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>, Justin Uberti <juberti@google.com>
Message-ID: <CAHp8n2=H07tWodEYQ7Udb4+SEd5b6uVYtO_NPE70xfWMGfGdkQ@mail.gmail.com>

On Thu, Oct 9, 2014 at 12:28 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Wed, Oct 8, 2014 at 2:32 PM, Silvia Pfeiffer
> <silviapfeiffer1@gmail.com> wrote:
>> Can you explain how localhost is an authenticated origin? Does it mean that
>> we will continue to be able to develop on http://localhost but any other
>> property on http will fail gum by default?
>
> To answer your latter question first, yes. For the former, please see
> its definition:
> https://w3c.github.io/webappsec/specs/mixedcontent/#is-origin-authenticated

Nice! Is that implemented in browsers yet? And how can you test? (I'm
curious because I wasn't able to deduce it from the spec - I'm not
implying anything of consequence to this discussion.)

Thanks,
Silvia.

Received on Thursday, 9 October 2014 08:30:12 UTC