- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Fri, 02 Apr 2021 01:36:48 +0000
- To: public-webrtc-logs@w3.org
@camillelamy thanks for the concise writeup! I think I agree with most of it. > Our main issue with this solution is that it ends up mixing two concepts in the same COEP header: the policy to apply to the resources a document embed and an opt-in for APIs. If it helps, I still see it as a policy applied to iframes, creating different (risk) environments, not tied to any one feature, much like it's not called `COEP: shared-array-buffer` today. Consider if we renamed it: `COEP: require-corp; require-non-opaque`. I.e. pages opt into different risks, enabling one or perhaps more features like *getViewportMedia*. But I'll concede that the original premise behind COEP might have been solely to create *less* risky environments. cc @annevk -- GitHub Notification of comment by jan-ivar Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/155#issuecomment-812269225 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 2 April 2021 01:36:50 UTC