Re: [webrtc-pc] Disallow serialization of RTCCertificate except for storage. (#2297) from Anne van Kesteren via GitHub on 2019-09-12 (public-webrtc-logs@w3.org from September 2019)

From: Anne van Kesteren via GitHub <sysbot+gh@w3.org>
Date: Thu, 12 Sep 2019 12:11:46 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-530796910-1568290304-sysbot+gh@w3.org>

CORS affects networking, not JavaScript access.

If you use `document.domain` though you'd be able to store an object from a different origin (but same site) in your origin. But you'd also have direct access to that object in that case.

The other potential problem here is that folks might use these objects with `postMessage()` and that would no longer work. Are all user agents on board with implementing that? Is there test coverage to ensure they do?

-- 
GitHub Notification of comment by annevk
Please view or discuss this issue at https://github.com/w3c/webrtc-pc/pull/2297#issuecomment-530796910 using your GitHub account

Received on Thursday, 12 September 2019 12:11:47 UTC