- From: Bjoern Hoehrmann <derhoermi@gmx.net>
- Date: Thu, 05 Feb 2015 10:26:43 +0100
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: public-webrtc@w3.org
* Harald Alvestrand wrote: >Den 05. feb. 2015 07:39, skrev Bjoern Hoehrmann: >> * Harald Alvestrand wrote: >>> We have discussed this before, and concluded that a confirmation dialog >>> makes no more sense than having a confirmation dialog for performing an >>> XHR request or opening a Websocket - neither of which requires >>> confirmation dialogs today. >> >> Neither of those disclose information not otherwise available to random >> web sites, so that is not a valid comparison. > >"Not otherwise" is a misnomer here. They expose a ton of information >(think HTTP headers), but the information they expose is inherent in >providing the functionality they do provide. The reason we don't think >of them as such is because we've become used to that information being >provided. A XMLHttpRequest message might contain a User-Agent header the content of which is available to script through the `navigator` object, and it might contain a Cookie header the content of which is already known to the server, it might contain a username and password for which the user got prompted, it might contain an Accept-Language header that is also sent out when requesting an <img>, and so on and so forth. None of the examples are similar to the case at hand, * there is no getLocalIpAddresses() API * the server does not already know the local IP addresses * the user did not get prompted to provide them * requesting an <img> does not disclose local IP addresses -- Björn Höhrmann · mailto:bjoern@hoehrmann.de · http://bjoern.hoehrmann.de D-10243 Berlin · PGP Pub. KeyID: 0xA4357E78 · http://www.bjoernsworld.de Available for hire in Berlin (early 2015) · http://www.websitedev.de/
Received on Thursday, 5 February 2015 09:27:11 UTC