W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2014

Cross origin screensharing (was: What is missing for building "real" services?)

From: Dominique Hazael-Massieux <dom@w3.org>
Date: Tue, 14 Jan 2014 14:23:11 +0100
Message-ID: <1389705791.4408.98.camel@cumulustier>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: Tim Panton new <thp@westhawk.co.uk>, Silvia Pfeiffer <silviapfeiffer1@gmail.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, public-webrtc <public-webrtc@w3.org>, Alexandre Gouaillard <agouaillard@gmail.com>, Randell Jesup <randell-ietf@jesup.org>
On lun., 2014-01-13 at 10:13 -0800, Martin Thomson wrote:
> That's somewhat attractive, but I'm not sure that that is a good idea.
>  We haven't proven unequivocally that http: pages don't contain
> sensitive content.
> 
> Sure, you can argue that there is nothing that an active attacker
> can't already get, but that's a little different to what we're getting
> here.

How about tying this to CORS? If you already grant cross-origin access
to your Web content via CORS, can it be inferred you're happy to share
its content via screen sharing?

Dom
Received on Tuesday, 14 January 2014 13:23:38 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:37 UTC