[mediacapture-main] getUserMedia can be used to detect capabilities without permissions (#697) from guidou via GitHub on 2020-06-16 (public-webrtc@w3.org from June 2020)

From: guidou via GitHub <sysbot+gh@w3.org>
Date: Tue, 16 Jun 2020 10:55:22 +0000
To: public-webrtc@w3.org
Message-ID: <issues.opened-639569800-1592304921-sysbot+gh@w3.org>

guidou has just created a new issue for https://github.com/w3c/mediacapture-main:

== getUserMedia can be used to detect capabilities without permissions ==
The current getUserMedia() spec indicates that prompting for permission (step 5.2) goes after constraints processing (step 3.4).
A consequence of this is that it is possible to determine if the system is capable of, for example full HD capture (or any other capability), by making the appropriate gUM calls and looking at the resulting error.
In these cases, Chromium and Safari return OverconstrainedError and Firefox returns NotFoundError. 

Possible ways to address this:
1. Always return NotAllowedError if constraints processing fails, but no permission to use devices has yet been granted.
2. Prompt before constraints processing. 

Should we update the spec to address this?
 

Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/697 using your GitHub account

Received on Tuesday, 16 June 2020 10:55:24 UTC