[mediacapture-screen-share] Let pages opt-in to capture. (#155) from Jan-Ivar Bruaroey via GitHub on 2020-12-15 (public-webrtc@w3.org from December 2020)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Tue, 15 Dec 2020 01:05:21 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-767064313-1607994320-sysbot+gh@w3.org>

jan-ivar has just created a new issue for https://github.com/w3c/mediacapture-screen-share:

== Let pages opt-in to capture. ==
Compared to native, capturing a web page has been plagued by [security concerns](https://blog.mozilla.org/webrtc/share-browser-windows-entire-screen-sites-trust/) since this spec's inception. Can we imagine a web that's safer to screen-capture, similar to a [web where `SharedArrayBuffer` is safer to use](https://web.dev/why-coop-coep/#coep)?

What if we came across a page that met these conditions? We could remove restrictions added for the legacy web, both for some choices in the existing `getDisplayMedia` and new APIs like the proposed `getTabMedia`.

One idea for such opt-in is `Cross-Origin-Embedder-Policy: require-corp; html-capture` covered in slides [here](https://docs.google.com/presentation/d/1CeNeno5XuDhm1mpnVyE9eT14YKZgZUtgQsJfC8uqEpA/edit?ts=5fc7fcd2#slide=id.g786a1abc5c_1_94).

I'm opening an issue to discuss this independent of those APIs. Note it only covers the cross-origin issue. Permissions are still needed to cover user information harvesting.

I've also created a [COEP playground](https://marvelous-interesting-vessel.glitch.me/require-corp
) in [glitch](https://glitch.com/edit/#!/marvelous-interesting-vessel) for those unfamiliar with the concept and want to experiment with it.

Please view or discuss this issue at https://github.com/w3c/mediacapture-screen-share/issues/155 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Tuesday, 15 December 2020 01:05:22 UTC