W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > September 2019

Re: [webrtc-pc] Disallow serialization of RTCCertificate except for storage. (#2297)

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Thu, 12 Sep 2019 12:11:46 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-530796910-1568290304-sysbot+gh@w3.org>
CORS affects networking, not JavaScript access.

If you use `document.domain` though you'd be able to store an object from a different origin (but same site) in your origin. But you'd also have direct access to that object in that case.

The other potential problem here is that folks might use these objects with `postMessage()` and that would no longer work. Are all user agents on board with implementing that? Is there test coverage to ensure they do?

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/pull/2297#issuecomment-530796910 using your GitHub account
Received on Thursday, 12 September 2019 12:11:47 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:22:28 UTC