- From: Iñaki Baz Castillo <ibc@aliax.net>
- Date: Fri, 9 Jan 2015 20:25:59 +0100
- To: Martin Thomson <martin.thomson@gmail.com>
- Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
2015-01-09 20:11 GMT+01:00 Martin Thomson <martin.thomson@gmail.com>: > So this is a case where the legitimate case is hard to distinguish > from a malicious case. Imagine a site wanted to pester you with > prompts at random times until you cave and click OK. A "malicious" website could try that at any time when the user clicks on a button, menu or whatever. I don't fully understand what this "security mechanism" is protecting the user from. > We can probably do better than that, but I can't fault Chrome for > their stance here. And the cost of a workaround isn't so dire. The cost of the workaround basically means forcing a getUserMedia prompt even before the JS app knows whether it may work or not (imagine the received SDP offer is "CHICKEN"). -- Iñaki Baz Castillo <ibc@aliax.net>
Received on Friday, 9 January 2015 19:26:46 UTC