Re: getUserMedia() and authenticated origins

On 08/09/14 19:25, Anne van Kesteren wrote:
> Is it true that the only reason we are not requiring an authenticated
> origin for getUserMedia() is that it might break tests or demos? Tests
> or demos do not usually influence design choices.

No, I don't think that is true at all, in fact I do not remember that 
tests were mentioned at all as a reason when the design was made.

Allowing plain http domains to ask for access to media devices is 
discussed a lot in [1], including API and UI requirements. Specifically 
it is said that

"Implementations MAY also opt to refuse all permissions grants for HTTP 
origins, but it is RECOMMENDED that currently they support one-time 
camera/microphone access."

Stefan


[1] 
http://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/?include_text=1

>
>


Received on Wednesday, 10 September 2014 08:07:42 UTC