W3C home > Mailing lists > Public > public-webrtc-logs@w3.org > June 2020

Re: [mediacapture-main] getUserMedia can be used to detect capabilities without permissions (#697)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Thu, 18 Jun 2020 14:08:14 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-646043009-1592489293-sysbot+gh@w3.org>
We've discussed this in the past, and we decided trackers would not risk a prompt.

In the [spec](https://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia), we neutered the `error.contraint` property ahead of permission to mitigate the attack where multiple failing constraints are used: *"Run the ApplyConstraints algorithm on all tracks in stream with the appropriate constraints. Should this fail, let failedConstraint be the result of the algorithm that failed if device information can be exposed is true, or undefined otherwise"*

GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/697#issuecomment-646043009 using your GitHub account
Received on Thursday, 18 June 2020 14:08:16 UTC

This archive was generated by hypermail 2.4.0 : Saturday, 6 May 2023 21:19:51 UTC