- From: Florian Bösch <pyalot@gmail.com>
- Date: Wed, 13 Jul 2016 14:22:28 +0200
- To: Sean McBeth <sean.mcbeth@primrosevr.com>
- Cc: Jeff Sonstein <jsonstein@gmail.com>, Brandon Jones <bajones@google.com>, public-webvr@w3.org
- Message-ID: <CAOK8ODj8DJaCzF-JzQ-w7RnrQseQOJCUXLLq876EgqkPA5g6Cw@mail.gmail.com>
PSA: Youtube 360° videos trough WebVR are not going to work when embedded on HTTP pages (as are popular on shared web hosters, hosted blogs, hosted domains, etc.). The general perception of those web authors will be "WebVR does not work right.". Trough no fault of WebVR. On Wed, Jul 13, 2016 at 2:10 PM, Sean McBeth <sean.mcbeth@primrosevr.com> wrote: > Used to be a day all anyone needed to publish on the web was the plain > text editor that came with the OS on the computer at their local library > and a free host like Geocities. > > Yes, some people abused those free hosts, but I don't think eliminating > them is going to have a significant impact on such motivated individuals. > It's most likely just going to squeeze out people who otherwise won't be > able to afford to publish online. > > Indeed, that is exactly how I started. I can't say for certain that free > library computer broke a chain of perpetual poverty in my family, but it > certainly didn't hurt. It was certainly the beginning point in a 25 > year-long journey that has me now running my own VR business. I am not able > to support anything that could harm that same opportunity for anyone else. > On Jul 13, 2016 8:06 AM, "Jeff Sonstein" <jsonstein@gmail.com> wrote: > >> IMHO same-origin no problem >> but HTTPS-only is def problematic >> given the realities of the Web >> >> jeffs >> -- >> Jeff Sonstein >> Assoc. Prof. (ret'd) >> College of Computing, R.I.T. >> >> >> On Jul 13, 2016, at 12:29 AM, Brandon Jones <bajones@google.com> wrote: >> >> Following conversations with Chrome's security teams, we are now planning >> on making WebVR only available to secure origins when it officially >> launches. This is consistent with our current policy for powerful new >> features >> <https://www.chromium.org/Home/chromium-security/prefer-secure-origins-for-powerful-new-features>, >> and we definitely consider WebVR to be a powerful feature! We are, in >> effect, giving sites the ability to take over not just your cursor or your >> screen but completely override one of your senses. It's prudent for us to >> ensure the digital reality we deliver to users is authenticated, >> integrity-checked, and confidential. >> >> We realize that some developers have strong opinions on this subject. We >> welcome feedback, *especially *if this policy makes your planned use >> case infeasible! But we also feel that the development community around a >> new feature like this is actually in the best position to gracefully handle >> this requirement. WebVR projects are less likely to have large amounts of >> legacy code that needs to be updated to support HTTPS. Additionally, >> efforts like Lets Encrypt are in full swing and make it easier than ever to >> make your sites secure. >> >> This change will not appear in my experimental binaries for a little >> while, but we wanted to make sure the community was aware of the change >> well in advance so that everyone has time to make the appropriate changes >> and provide us with any feedback you might have. >> >> Thanks! >> --Brandon Jones >> >> (PS: If you're reading this on web-vr-discuss@mozilla.org, I encourage >> you to join the public-webvr@w3.org mailing list! That's to official >> public mailing list for our community group >> <https://www.w3.org/community/webvr/> and the channel that will be used >> for communication like this in the future.) >> >> >>
Received on Wednesday, 13 July 2016 12:23:04 UTC