- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Fri, 4 Dec 2015 07:02:39 +0000
- To: Martin Thomson <martin.thomson@gmail.com>, Adam Bergkvist <adam.bergkvist@ericsson.com>
- CC: "public-media-capture@w3.org" <public-media-capture@w3.org>
On 04/12/15 06:04, Martin Thomson wrote: > The options would seem to be: > > 1. do nothing > 2. add an allow-usermedia label to the sandbox attribute, which would > block gUM calls if sandboxing was enabled, but leave it enabled > otherwise > 3. add a disallow-usermedia label to the sandbox attribute, which > would block gUM calls only if the attribute and label were present > 4. disable gUM by default and require the use of a new allow-usermedia > attribute to enable it > > Note that 3 is quite irregular in that the sandbox attribute only has > "allow-x" labels currently. > > I think that 2 is simplest. It's least disruptive to existing uses, > while giving sites a way to prevent misuse. However, 4 is the most > privacy-preserving and I can see a fairly good argument for it. This is where I end up too. It would be good to know many apps would break by going with 4. If very few, 4 seems most compelling to me, but if not 2 seems like the logical path. > > Of course, choosing option 2 is easier if we choose option 4 for issue > #267 (i.e., we key permissions on both top-level and iframe origin). I agree. > > On 3 December 2015 at 22:26, Adam Bergkvist <adam.bergkvist@ericsson.com> wrote: >> Hi >> >> To make the discussion is this issue [1] more visible we move it to the >> list. >> >> [1] https://github.com/w3c/mediacapture-main/issues/268 >> > >
Received on Friday, 4 December 2015 07:03:12 UTC