Cross origin screensharing (was: What is missing for building "real" services?)

On lun., 2014-01-13 at 10:13 -0800, Martin Thomson wrote:
> That's somewhat attractive, but I'm not sure that that is a good idea.
>  We haven't proven unequivocally that http: pages don't contain
> sensitive content.
> Sure, you can argue that there is nothing that an active attacker
> can't already get, but that's a little different to what we're getting
> here.

How about tying this to CORS? If you already grant cross-origin access
to your Web content via CORS, can it be inferred you're happy to share
its content via screen sharing?


Received on Tuesday, 14 January 2014 13:23:38 UTC