- From: Elad Alon via GitHub <sysbot+gh@w3.org>
- Date: Tue, 05 Nov 2024 16:00:57 +0000
- To: public-webrtc-logs@w3.org
> As a compromise, I'm open to considering the inclusion of a permission prompt in the short term, provided we can agree that our long-term goal is to eliminate the need for it once adequate mitigations are in place. Thank you for proposing this compromise. It works for me. But to be perfectly clear - we agree to **explore** ways to eliminate the policy and/or prompt in the long-term, once we gain real-life data on users' and Web apps' behavior. If the policy and/or prompt are proven unnecessary, we will gladly remove them. But this long-term goal cannot block short-term API shapes that return a Promise, which is necessary for now (see below). > Once all browsers reach that level of confidence, we should be able to deprecate the permission or at least reduce its implementation cost. I agree. > what if @youennf's proposed API triggered a prompt and instant NotAllowedError? That is a completely unworkable solution. Please see [this comment](https://github.com/w3c/mediacapture-screen-share-extensions/issues/13#issuecomment-2438079096) for a list of the benefits of an async API that returns a Promise. (There are three quote-response pairs in that comment. I am referring to the middle one.) > I'm glad we agree that serious click-jacking concerns remain with this API. We do _not_ agree about that, but since [you propose a compromise](https://github.com/w3c/mediacapture-screen-share-extensions/issues/14#issuecomment-2447910745) which I support - starting with a prompt and considering its removal later - we can bench this discussion. -- GitHub Notification of comment by eladalon1983 Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share-extensions/issues/14#issuecomment-2457572677 using your GitHub account -- Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 5 November 2024 16:00:58 UTC