W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2014

Re: Cross origin screensharing

From: cowwoc <cowwoc@bbs.darktech.org>
Date: Mon, 20 Jan 2014 00:42:23 -0500
Message-ID: <52DCB73F.4060802@bbs.darktech.org>
To: public-webrtc@w3.org
On 14/01/2014 12:31 PM, Martin Thomson wrote:
> On 14 January 2014 05:23, Dominique Hazael-Massieux <dom@w3.org> wrote:
>> How about tying this to CORS? If you already grant cross-origin access
>> to your Web content via CORS, can it be inferred you're happy to share
>> its content via screen sharing?
> That doesn't really work in that the iframe (or other cross origin
> content) is acquired without the CORS preflight.  I was thinking
> Frame-Options actually.
>

Amusing read about browser extensions: 
http://www.reddit.com/r/IAmA/comments/1vjj51/i_am_one_of_the_developers_of_a_popular_chrome/

By the time you notice that an extension has become malicious, over 700k 
users could have had their banking records stolen. Point is: hiding 
security-sensitive features behind extensions does not (on its own) 
ensure security.

Gili
Received on Monday, 20 January 2014 05:43:24 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:37 UTC