- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Thu, 28 May 2020 19:04:18 +0000
- To: public-webrtc-logs@w3.org
> I am not sure feature policy is really about user consent. It's [Permissions Policy](https://w3c.github.io/webappsec-feature-policy/) now, and seems explicitly about user consent. Specifically: it solves the question of to whom consent is to be granted. Most browsers have adopted a top-level domain trust model by now, putting the onus on sites to delegate trust to iframes. If we don't require explicit delegation of said trust, that doesn't work. > other APIs like presentation API or webkitShowPlaybackTargetPicker do not have a dedicated feature policy (maybe they should). I'd say yes they should. Otherwise who's asking? > webkitShowPlaybackTargetPicker gets consent from a device picker. What origin does it say is asking? Even if it doesn't say, I think most users would assume it's from the top-level domain they're on. I don't think users are well-served if we let any drive-by ad-frame masquerade as the top-level domain. -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-output/issues/91#issuecomment-635537855 using your GitHub account
Received on Thursday, 28 May 2020 19:04:22 UTC