W3C home > Mailing lists > Public > public-secondscreen@w3.org > September 2017

Re: [presentation-api] Forced 1-UA mode for documents or frames

From: Google <sysbot+gh@w3.org>
Date: Thu, 21 Sep 2017 21:33:42 +0000
To: public-secondscreen@w3.org
Message-ID: <issue_comment.created-331288372-1506029611-sysbot+gh@w3.org>

There is a third requirement which is related to the above.  We've found that some controlling pages have authentication state in its cookie jar that can't be shared with the presentation (for security reasons, or because it owned by other origins).  This makes it difficult for the presentation to obtain the necessary resources.

- The first approach (forced 1-UA) could also allow sharing of part of the cookie jar and other local storage for certain origins.
- The second approach (offscreen frame) would also address this requirement since the presentation is part of the same document.

In either scenario, reconnection to the presentation doesn't make sense or seems problematic from a security point of view.

Note that [Media Capture from Element](https://w3c.github.io/mediacapture-fromelement/), along with WebRTC, allows a limited form of the second approach.

I'll be able to share some feedback on this from developers and possibly concrete proposals at TPAC.

GitHub Notification of comment by mfoltzgoogle
Please view or discuss this issue at https://github.com/w3c/presentation-api/issues/347#issuecomment-331288372 using your GitHub account
Received on Thursday, 21 September 2017 21:33:34 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:19:03 UTC