W3C home > Mailing lists > Public > public-secondscreen@w3.org > February 2017

Re: [presentation-api] Authenticity of screen selection permission is problematic in insecure contexts

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Tue, 14 Feb 2017 19:35:09 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-279811534-1487100906-sysbot+gh@w3.org>
>Implementations have shipped in insecure contexts for some time, so 
there's a question of how willing we are to break existing Web 

@mfoltzgoogle You're raising an important point regarding 
compatibility with existing web content. Do we have telemetry data?

To mitigate, I'd expect implementations to log warnings (to developer 
console) on non-secure use over a period of possibly multiple major 
releases, before disabling. Alternatively or in addition, display a 
user facing warning that requires active user consent. This is up to 
each implementation, however. Your Enemel team's recommendation would 
be good to hear.

GitHub Notification of comment by anssiko
Please view or discuss this issue at 
 using your GitHub account
Received on Tuesday, 14 February 2017 19:35:15 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 14 February 2017 19:35:15 UTC