[mediacapture-screen-share] Should top-level transient activation be sufficient for `getDisplayMedia()` on cross-origin iframes with allow="display-capture"? (#167) from Karl Tomlinson via GitHub on 2021-04-15 (public-webrtc-logs@w3.org from April 2021)

From: Karl Tomlinson via GitHub <sysbot+gh@w3.org>
Date: Thu, 15 Apr 2021 08:35:06 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-858639470-1618475704-sysbot+gh@w3.org>

karlt has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Should top-level transient activation be sufficient for `getDisplayMedia()` on cross-origin iframes with allow="display-capture"? ==
This [came up](https://bugzilla.mozilla.org/show_bug.cgi?id=1704278) when we added the transient activation requirement to Gecko.  The data flow affected was "click handler in main document" -> `iframe.contentWindow.postMessage()` -> "`getDisplayMedia()` inside iframe".  The gesture in the top-level Document [does not affect](https://html.spec.whatwg.org/multipage/interaction.html#activation-notification) cross-origin descendant Documents.

I assume the purpose of the transient activation test is to require a user gesture and the precise location of the user gesture is not important?
If so, then checking for transient activation on the top-level Window instead of on the relevant global object is an option to allow this use case.

Would any host Document want to grant a cross-origin iframe "display-capture" permission but restrict its `getDisplayMedia()` calls to a user gesture specifically on the iframe?

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/167 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 15 April 2021 08:35:12 UTC