- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Tue, 26 Nov 2013 15:52:56 -0800
- To: cowwoc <cowwoc@bbs.darktech.org>
- Cc: Justin Uberti <juberti@google.com>, "public-webrtc@w3.org" <public-webrtc@w3.org>
On 26 November 2013 15:46, cowwoc <cowwoc@bbs.darktech.org> wrote: > If the default is "don't share" (similar to CORS) then I don't think this > approach scales. If the choice here is between "some sites don't work" and "user's get screwed and don't understand why", I think that I know where I stand. There is a possibility that the default for the top-level frame can be made permissive. That's something that might need some extra thought. I don't think that you can say that iframes are ever safe to allow.
Received on Tuesday, 26 November 2013 23:53:24 UTC