W3C home > Mailing lists > Public > public-secondscreen@w3.org > September 2017

[remote-playback] Restrict the API to Secure Contexts or discuss the decision in Security Considerations

From: Jeffrey Yasskin via GitHub <sysbot+gh@w3.org>
Date: Mon, 25 Sep 2017 17:31:18 +0000
To: public-secondscreen@w3.org
Message-ID: <issues.opened-260355687-1506360665-sysbot+gh@w3.org>
jyasskin has just created a new issue for https://github.com/w3c/remote-playback:

== Restrict the API to Secure Contexts or discuss the decision in Security Considerations ==
The web platform restricts most new features, and especially ones that involve asking the user a question, to [Secure Contexts](https://w3c.github.io/webappsec-secure-contexts/#integration-idl). It looks like Remote Playback [does](https://w3c.github.io/remote-playback/#user-interface-guidelines) intend to show the user an origin, which means it ought to only be available when that origin is known to be the source of the content.

If there are [reasons](https://groups.google.com/a/chromium.org/d/topic/blink-dev/lumj0lVdtHA/discussion) to provide the API to non-secure contexts anyway, they should show up in the Security Considerations section so that security reviewers know to think about them.

Please view or discuss this issue at https://github.com/w3c/remote-playback/issues/107 using your GitHub account
Received on Monday, 25 September 2017 17:31:10 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 17:19:03 UTC