- From: Tim Panton <tim@pi.pe>
- Date: Tue, 15 Jun 2021 20:49:55 +0100
- To: Harald Alvestrand <harald@alvestrand.no>
- Cc: Sergio Garcia Murillo <sergio.garcia.murillo@gmail.com>, Elad Alon <eladalon@google.com>, Youenn Fablet <youenn@apple.com>, Jan-Ivar Bruaroey <jib@mozilla.com>, WebRTC WG <public-webrtc@w3.org>
> On 15 Jun 2021, at 20:37, Harald Alvestrand <harald@alvestrand.no> wrote: > > The point of the origin is that the UA vouches for it's authenticity. > > The token is just a string. As long as you can pass a string, the app can choose to pass anything: numbers, tokens, or jsonified objects. App's business, not UA business. I still don’t understand why the origin is relevant - apart from enabling a page to engage in uncompetitive behaviour. The token is only exchanged when a user has authorised a capture and both sides agree that the captured page is suitable for remote control. So why would either side care what the origin is? T.
Received on Tuesday, 15 June 2021 19:50:37 UTC