Well, I don't see a problem with a change in behavior that only takes effect when a CSP directive is set... -Ekr On Mon, Aug 17, 2015 at 6:17 AM, Dominique Hazael-Massieux <dom@w3.org> wrote: > On 17/08/2015 15:15, Eric Rescorla wrote: > >> How about a CSP directive that enables RTCPeerConnection for >> embedded contexts from specific origins and defaults to false for >> other than self? >> >> >> Seems like a question for WebAppSec. It's not like this is the only >> thing that's >> problematic in IFRAMEs >> > > I'm happy to take the question to WebAppSec, but it would probably be > useful to understand first if the group who owns WebRTC would be > comfortable with such a policy change :) > > Dom >Received on Monday, 17 August 2015 13:22:52 UTC
This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:08 UTC