Re: [mediacapture-main] risk model of stored permissions and constraint opportunities (#991)

IIUC, this issue can be summarized as:
> [Not a real quote. Paraphrasing.]
> When the user grants a permission, that permission is keyed on the top-level, and is shared by all embedded documents that the embedder allowlists. That permission may be delegated to a cross-origin iframe without the user's express permission, possibly even without the user's knowledge.

1. Did I get that right?
2. Is this special to mic/camera in any way that justifies special-casing by the Media Capture and Streams spec rather than general treatment by the Permissions Policy spec?

-- 
GitHub Notification of comment by eladalon1983
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/991#issuecomment-1978306618 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 5 March 2024 09:24:26 UTC