Re: [w3ctag/design-reviews] "credentialless" embedder policy. (#582) from Ryosuke Niwa on 2021-01-27 (public-webapps-github@w3.org from January 2021)

From: Ryosuke Niwa <notifications@github.com>
Date: Wed, 27 Jan 2021 14:30:15 -0800
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/582/768621340@github.com>

I don't think credential is the only issue here. Given the pervasiveness of home router and other services like IoT providing security & privacy sensitive (e.g. web cam, photos, geo location, etc...) information over web interface, I don't think we can let cross-origin content be loaded from local network as [@annevk pointed out earlier](https://github.com/w3ctag/design-reviews/issues/582#issuecomment-768088711). Do most consumer routers even implement RFC1918?

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/582#issuecomment-768621340

Received on Wednesday, 27 January 2021 22:30:27 UTC