W3C home > Mailing lists > Public > public-webappsec@w3.org > December 2013

Re: New uri type for language around blob, filesystem...

From: Jon Buckley <jon@jbuckley.ca>
Date: Tue, 3 Dec 2013 00:55:06 -0500
Message-Id: <BF14347B-976B-46B6-ABB2-BE652F8D0096@jbuckley.ca>
To: public-webappsec@w3.org
I just ran into this today when I was trying to figure out why getUserMedia wasnít working with Content Security Policy.

I wrote up a series of media-src testcases with getUserMedia. You can run them in your browser at http://csp-and-gum.herokuapp.com/ and you can see the source code at https://github.com/jbuck/csp-and-gum

To have getUserMedia work with CSP in Chrome and Firefox I needed to set my policy to "media-src: 'self' mediastream:Ē

Iíve documented the mediastream: type on MDN at https://developer.mozilla.org/en-US/docs/Security/CSP/CSP_policy_directives#Data but it probably should be documented in the spec as well, because it wasnít documented at all from Goggling for my specific issue.

Received on Tuesday, 3 December 2013 07:01:39 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 14:54:03 UTC