- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Thu, 22 Oct 2020 13:37:40 +0000
- To: public-webrtc-logs@w3.org
> It would be annoying to have to prompt if all content is under your control or have CORS support or isn't a tainted canvas element

@jimmywarting Even [same-origin-plus-COEP](https://html.spec.whatwg.org/multipage/origin.html#coop-same-origin-plus-coep) has an opt-in mechanism. We'd need something stronger since rendering a cross-origin document is different from reading it. E.g. something like this `Cross-Origin-Embedder-Policy: disallow`.

And even then it would need permission, since rendering contains private information, such as:

- link purpling (browser history)
- form autofill (address, credit card info)
- extensions (e.g. lastpass)
- file input element sometimes contains private info

These risks are hard to explain to users in a prompt.

--
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/145#issuecomment-714499815 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Thursday, 22 October 2020 13:37:42 UTC