- From: Stefan Håkansson LK <stefan.lk.hakansson@ericsson.com>
- Date: Fri, 5 Feb 2016 14:35:04 +0000
- To: Martin Thomson <martin.thomson@gmail.com>
- CC: jan-ivar via GitHub <sysbot+gh@w3.org>, "public-media-capture@w3.org" <public-media-capture@w3.org>
On 05/02/16 12:29, Martin Thomson wrote: > On 5 February 2016 at 17:34, Stefan Håkansson LK > <stefan.lk.hakansson@ericsson.com> wrote: >> Martin, could you provide a pointer to (some description of) that proposal? > > https://docs.google.com/document/d/1iaocsSuVrU11FFzZwy7EnJNOwxhAHMroWSOEERw5hO0/edit Thanks. > > (apologies for not sending earlier, I was mobile) No problem. > > I get the sense that there is still a lot of work to do on this idea. > The potential for breakage is quite large. It seems to me that the essence of the "floating idea" is that only the top level origin should be shown in user prompts (even if the request to use certain resources is made by an iFrame). This seems mostly in line with PR #313. IIUC, #313 adds that any page embedding an iFrame must deliberately set the allowusermedia attribute for that iFrame to be able to ask for user media. And if it is the top level origin only that will be shown in the user prompt, it makes total sense to me if the top level origin can prohibit an iFrame to ask for user media. There is a part in #313 that would go away: it is said that the iframe "needs to identify itself in the security prompt presented to the user.", and that would go away. But to me #313 seems sensible for now, we can remove that part later if the "floating idea" is adopted. >
Received on Friday, 5 February 2016 14:35:36 UTC