- From: Harald Alvestrand <harald@alvestrand.no>
- Date: Tue, 1 Mar 2016 11:57:44 +0100
- To: "public-media-capture@w3.org" <public-media-capture@w3.org>
As you may have noticed, we've merged this PR: https://github.com/w3c/mediacapture-main/pull/313 This declares that cross-origin iframes normally do NOT have access to media devices at all, but that if the including page wants them to have it, the including page can allow that by setting the "allowusermedia" attribute on the iframe. Our read of the discussion was that the TF's rough consensus was: a) being explicit about delegation of access to powerful features is better than trying to be smart about it b) If we're explict about granting access, the default needs to be "no", since otherwise, people will delegate access without realizing they have done so c) if we want explicit delegation, we'd better get the spec out *soon* - the number of sites that depend on implicit delegation now is probably small, and certainly smaller than the number of sites that will depend on it a year from now if we do nothing. Thus, we merged this. This does NOT mean that all discussions about access are done - among other things, there's a proposal "out there" (referred to elsewhere as "the floating proposal") that will change the logic of prompts for permission so that all permission prompts refer to the top-level context, not the iframe's context. This change will play well with that proposal, but doesn't mean that we've determined a consensus one way or the other on that proposal. Discussion on that is still open. Harald, for the chairs
Received on Tuesday, 1 March 2016 10:58:16 UTC