W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2015

Re: Can getUserMedia() get called on a callback/event ?

From: Martin Thomson <martin.thomson@gmail.com>
Date: Fri, 9 Jan 2015 11:11:17 -0800
Message-ID: <CABkgnnV-G_VAZDAaahsU78Lk3O4OzT0P4uQiMeZCTNbE0nhwxA@mail.gmail.com>
To: Iñaki Baz Castillo <ibc@aliax.net>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
On 9 January 2015 at 09:12, Iñaki Baz Castillo <ibc@aliax.net> wrote:
> The exact use case is described with pseudo-code in my previous mail. Basically:
> - The user's JS receives a SDP offer.
> - The JS first checks whether it is valid or not by creating a PC and
> calling setRemoteDescription().
> - If it is goes ok (so in the onSuccess callback of
> setRemoteDescription), then the JS calls getUserMedia.
> => pain, no prompt.

So this is a case where the legitimate case is hard to distinguish
from a malicious case.  Imagine a site wanted to pester you with
prompts at random times until you cave and click OK.

We can probably do better than that, but I can't fault Chrome for
their stance here.  And the cost of a workaround isn't so dire.
Received on Friday, 9 January 2015 19:11:44 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:03 UTC