Re: [presentation-api] Receiving browsing context needs additional flags set from Mark Foltz via GitHub on 2017-03-23 (public-secondscreen@w3.org from March 2017)

From: Mark Foltz via GitHub <sysbot+gh@w3.org>
Date: Thu, 23 Mar 2017 06:14:50 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-288627018-1490249689-sysbot+gh@w3.org>

Following up on a couple of items to close out loose threads:

- Checking our implementation briefly, I believe that we can apply the _sandboxed top-level navigation browsing context flag_ on a top-level receiving browsing context.  This is in part because CSP Level 3 allows resources fetched with CSP to be sandboxed as well, including top-level resources [1].  We'll know for sure when we actually implement this [2].

- I will send a PR to add the non-normative text suggested by @tidoust in https://github.com/w3c/presentation-api/issues/414#issuecomment-283591125.

- I will see if there are any reported incompatibilities with using the History API in a sandboxed `<iframe>`, or, failing that, can whip up a demo.

- Regarding HTTP Auth, I believe Chrome will block that as part of other modal dialogs (and presumably fail the authentication request).  Will check as part of fixing the implementation here.

[1] https://www.w3.org/TR/CSP/#directive-sandbox
[2] https://bugs.chromium.org/p/chromium/issues/detail?id=697526

-- 
GitHub Notification of comment by mfoltzgoogle
Please view or discuss this issue at https://github.com/w3c/presentation-api/issues/414#issuecomment-288627018 using your GitHub account

Received on Thursday, 23 March 2017 06:14:56 UTC