W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2014

Re: Cross origin screensharing

From: Justin Uberti <juberti@google.com>
Date: Tue, 21 Jan 2014 11:32:41 -0800
Message-ID: <CAOJ7v-0jZ9_xcdvtVOs3rB-WTZc5k40mrkbTeeKBHOF8EshaUA@mail.gmail.com>
To: cowwoc <cowwoc@bbs.darktech.org>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
Indeed, hence "defense in depth" (i.e. you still need to pick a window for
sharing from the chooser)


On Sun, Jan 19, 2014 at 9:42 PM, cowwoc <cowwoc@bbs.darktech.org> wrote:

> On 14/01/2014 12:31 PM, Martin Thomson wrote:
>
>> On 14 January 2014 05:23, Dominique Hazael-Massieux <dom@w3.org> wrote:
>>
>>> How about tying this to CORS? If you already grant cross-origin access
>>> to your Web content via CORS, can it be inferred you're happy to share
>>> its content via screen sharing?
>>>
>> That doesn't really work in that the iframe (or other cross origin
>> content) is acquired without the CORS preflight.  I was thinking
>> Frame-Options actually.
>>
>>
> Amusing read about browser extensions: http://www.reddit.com/r/IAmA/
> comments/1vjj51/i_am_one_of_the_developers_of_a_popular_chrome/
>
> By the time you notice that an extension has become malicious, over 700k
> users could have had their banking records stolen. Point is: hiding
> security-sensitive features behind extensions does not (on its own) ensure
> security.
>
> Gili
>
>
Received on Tuesday, 21 January 2014 19:33:29 UTC

This archive was generated by hypermail 2.3.1 : Monday, 23 October 2017 15:19:37 UTC