Re: Presentation API in non secure contexts

On Mon, Jan 23, 2017 at 11:46 PM, Anne van Kesteren <annevk@annevk.nl>
wrote:

> On Tue, Jan 24, 2017 at 8:29 AM, Frederik Braun <fbraun@mozilla.com>
> wrote:
> > Also, note that a user giving permission to a site in a non-secure
> > context will be surprised to note that this permission is leaking all
> > over the public wifis he's using.
>

Can you explain what you mean by "permission leaking" more specifically?
How does selecting a presentation display on one network "leak" to a
different network where the screen is no longer accessible?


> >
> > I wonder if a permission prompt on non-secure contexts is useful at all.
>
> I think doing such prompts on non-secure contexts devalues the overall
> security of prompts. Assuming that the user is carefully making the
> distinction and weighing their options is just not something we know
> to be true.
>

That's a fair point and weighs in favor of the restriction.

m.

Received on Wednesday, 25 January 2017 18:16:58 UTC