- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Wed, 10 Sep 2014 08:07:09 +0000
- To: Anne van Kesteren <annevk@annevk.nl>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 08/09/14 19:25, Anne van Kesteren wrote: > Is it true that the only reason we are not requiring an authenticated > origin for getUserMedia() is that it might break tests or demos? Tests > or demos do not usually influence design choices. No, I don't think that is true at all, in fact I do not remember that tests were mentioned at all as a reason when the design was made. Allowing plain http domains to ask for access to media devices is discussed a lot in [1], including API and UI requirements. Specifically it is said that "Implementations MAY also opt to refuse all permissions grants for HTTP origins, but it is RECOMMENDED that currently they support one-time camera/microphone access." Stefan [1] http://datatracker.ietf.org/doc/draft-ietf-rtcweb-security-arch/?include_text=1 > >
Received on Wednesday, 10 September 2014 08:07:42 UTC