W3C home > Mailing lists > Public > public-media-capture@w3.org > September 2014

Re: getUserMedia() and authenticated origins

From: Harald Alvestrand <harald@alvestrand.no>
Date: Mon, 29 Sep 2014 14:39:23 +0200
Message-ID: <542952FB.9050909@alvestrand.no>
To: public-media-capture@w3.org

I note that almost every statement you've made in this thread is in the 
form of a question.
It's actually hard to tell from your questions what you see as a problem.

I suggest that you might want to draw up a note of the form:

- Given that getUserMedia is available to HTTP origins
- The following bad thing can happen
- There's no way to defend against it (for HTTP)
- and I think that's such a Bad Thing that it is worth ditching present 
uses of HTTP to prevent it

It might be easier to have a discussion on that basis than to figure out 
what the questions mean.

Den 29. sep. 2014 13:34, skrev Anne van Kesteren:
> On Wed, Sep 10, 2014 at 3:32 PM, Shwetank Dixit <shwetankd@opera.com> wrote:
>> To add to the point, someone can make an app using gUM without even
>> involving any other part of WebRTC (like peerconnection or datachannels) ...
>> so, a gUM app doesn't always have to be about *communication*.  Considering
>> such cases, I think it's fair to allow it to be using http.
> Given that operators are not afraid of injecting content into HTTP,
> what would stop such an injection from sharing data made available
> from getUserMedia()?
Received on Monday, 29 September 2014 12:39:54 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 16:26:30 UTC