- From: Martin Thomson <martin.thomson@gmail.com>
- Date: Fri, 9 Jan 2015 11:11:17 -0800
- To: Iñaki Baz Castillo <ibc@aliax.net>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>

On 9 January 2015 at 09:12, Iñaki Baz Castillo <ibc@aliax.net> wrote:
> The exact use case is described with pseudo-code in my previous mail. Basically:
>
> - The user's JS receives a SDP offer.
>
> - The JS first checks whether it is valid or not by creating a PC and
> calling setRemoteDescription().
>
> - If it goes ok (so in the onSuccess callback of
> setRemoteDescription), then the JS calls getUserMedia.
>
> => pain, no prompt.

So this is a case where the legitimate case is hard to distinguish
from a malicious case. Imagine a site wanted to pester you with
prompts at random times until you cave and click OK.

We can probably do better than that, but I can't fault Chrome for
their stance here. And the cost of a workaround isn't so dire.

Received on Friday, 9 January 2015 19:11:44 UTC