On Wed, Sep 4, 2013 at 12:31 AM, Anne van Kesteren <annevk@annevk.nl> wrote:
> On Tue, Sep 3, 2013 at 1:25 PM, Robert O'Callahan <robert@ocallahan.org>
> wrote:
> > The widget would not only have to be written by a third party, but
> actually
> > hosted on their domain. And not just optionally, but for some reason the
> > widget provider has decided not to allow the author to host it on their
> own
> > domain.
>
> That's fairly common though, consider eg YouTube.
>
Youtube hosts embedded players because they're playing Youtube's content,
not because Youtube's widget is particularly special. If you just want an
HTML5 video player app to wrap around your own content, you don't use
Youtube and you host it yourself.
> Sure, it could happen, but it seems somewhat far-fetched to me. On the
> other
> > hand, allowing MediaStream graphs to span domains could have potentially
> > far-reaching consequences. I don't see any need to rush into this.
>
> It's not entirely clear to me what you mean by this. Are these
> concerns specific to MediaStream and not applicable to Blob?
>
Yes. For example there are plans to enable some kind of "private mode" for
WebRTC MediaStreams that protects stream contents from inspection by the
page. I don't know exactly how this is going to work, but if we allow
MediaStreams to span domains it may get more complicated. More concretely,
in Gecko we have experimental code to pipe HTML media element output into
MediaStreams, so we already tag MediaStream data with origin information,
but it's implemented in such a way that getUserMedia from one domain would
be restricted in another domain (the other domain could render it in a
media element, but it would be treated as cross-origin and thus would taint
canvases it's drawn into, for example).
I think it may make sense to provide cross-origin MediaStream transfer at
some point in the future, but I think we have more important things to work
on first.
Rob
--
Jtehsauts tshaei dS,o n" Wohfy Mdaon yhoaus eanuttehrotraiitny eovni
le atrhtohu gthot sf oirng iyvoeu rs ihnesa.r"t sS?o Whhei csha iids teoa
stiheer :p atroa lsyazye,d 'mYaonu,r "sGients uapr,e tfaokreg iyvoeunr,
'm aotr atnod sgaoy ,h o'mGee.t" uTph eann dt hwea lmka'n? gBoutt uIp
waanndt wyeonut thoo mken.o w *
*