- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Tue, 15 Dec 2020 01:05:21 +0000
- To: public-webrtc-logs@w3.org
jan-ivar has just created a new issue for https://github.com/w3c/mediacapture-screen-share: == Let pages opt-in to capture. == Compared to native, capturing a web page has been plagued by [security concerns](https://blog.mozilla.org/webrtc/share-browser-windows-entire-screen-sites-trust/) since this spec's inception. Can we imagine a web that's safer to screen-capture, similar to a [web where `SharedArrayBuffer` is safer to use](https://web.dev/why-coop-coep/#coep)? What if we came across a page that met these conditions? We could remove restrictions added for the legacy web, both for some choices in the existing `getDisplayMedia` and new APIs like the proposed `getTabMedia`. One idea for such opt-in is `Cross-Origin-Embedder-Policy: require-corp; html-capture` covered in slides [here](https://docs.google.com/presentation/d/1CeNeno5XuDhm1mpnVyE9eT14YKZgZUtgQsJfC8uqEpA/edit?ts=5fc7fcd2#slide=id.g786a1abc5c_1_94). I'm opening an issue to discuss this independent of those APIs. Note it only covers the cross-origin issue. Permissions are still needed to cover user information harvesting. I've also created a [COEP playground](https://marvelous-interesting-vessel.glitch.me/require-corp ) in [glitch](https://glitch.com/edit/#!/marvelous-interesting-vessel) for those unfamiliar with the concept and want to experiment with it. Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/155 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 15 December 2020 01:05:23 UTC