Re: [webrtc-pc] Disallow serialization of RTCCertificate except for storage. (#2297)

CORS affects networking, not JavaScript access.

If you use `document.domain` though you'd be able to store an object from a different origin (but same site) in your origin. But you'd also have direct access to that object in that case.

The other potential problem here is that folks might use these objects with `postMessage()` and that would no longer work. Are all user agents on board with implementing that? Is there test coverage to ensure they do?

GitHub Notification of comment by annevk
Please view or discuss this issue at using your GitHub account

Received on Thursday, 12 September 2019 12:11:47 UTC