Re: [presentation-api] Authenticity of screen selection permission is problematic in insecure contexts from Anssi Kostiainen via GitHub on 2017-02-14 (public-secondscreen@w3.org from February 2017)

From: Anssi Kostiainen via GitHub <sysbot+gh@w3.org>
Date: Tue, 14 Feb 2017 19:35:09 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-279811534-1487100906-sysbot+gh@w3.org>

>Implementations have shipped in insecure contexts for some time, so 
there's a question of how willing we are to break existing Web 
content.

@mfoltzgoogle You're raising an important point regarding 
compatibility with existing web content. Do we have telemetry data?

To mitigate, I'd expect implementations to log warnings (to developer 
console) on non-secure use over a period of possibly multiple major 
releases, before disabling. Alternatively or in addition, display a 
user facing warning that requires active user consent. This is up to 
each implementation, however. Your Enemel team's recommendation would 
be good to hear.

-- 
GitHub Notification of comment by anssiko
Please view or discuss this issue at 
https://github.com/w3c/presentation-api/issues/380#issuecomment-279811534
 using your GitHub account

Received on Tuesday, 14 February 2017 19:35:15 UTC