W3C home > Mailing lists > Public > public-webrtc@w3.org > January 2015

Re: Can getUserMedia() get called on a callback/event ?

From: Iñaki Baz Castillo <ibc@aliax.net>
Date: Fri, 9 Jan 2015 20:25:59 +0100
Message-ID: <CALiegfn_B7=+Mf=BQA=+Kn0kBRMGGHCf5q+fEaE9ogto=6GW7g@mail.gmail.com>
To: Martin Thomson <martin.thomson@gmail.com>
Cc: "public-webrtc@w3.org" <public-webrtc@w3.org>
2015-01-09 20:11 GMT+01:00 Martin Thomson <martin.thomson@gmail.com>:
> So this is a case where the legitimate case is hard to distinguish
> from a malicious case.  Imagine a site wanted to pester you with
> prompts at random times until you cave and click OK.

A "malicious" website could try that at any time when the user clicks
on a button, menu or whatever. I don't fully understand what this
"security mechanism" is protecting the user from.

> We can probably do better than that, but I can't fault Chrome for
> their stance here.  And the cost of a workaround isn't so dire.

The cost of the workaround basically means forcing a getUserMedia
prompt even before the JS app knows whether it may work or not
(imagine the received SDP offer is "CHICKEN").

Iñaki Baz Castillo
Received on Friday, 9 January 2015 19:26:46 UTC

This archive was generated by hypermail 2.4.0 : Friday, 17 January 2020 19:18:03 UTC