W3C home > Mailing lists > Public > whatwg@whatwg.org > November 2008

[whatwg] Same-origin checking for media elements

From: Sander van Zoest <sander@vanzoest.com>
Date: Fri, 21 Nov 2008 09:15:15 -0800
Message-ID: <98c2a8300811210915m7e74075crd8b771c5a380ff7d@mail.gmail.com>
On Mon, Nov 10, 2008 at 6:50 PM, Robert O'Callahan <robert at ocallahan.org>wrote:

> Should <video> and <audio> elements be able to load and play resources from
> other origins?


How would this affect the very common scenario where content sites put
static and large data under a separate domain.
This is commonly done to avoid sending Cookies and other headers, while also
decreasing load times, as the content is
now being loaded from a different domain.

For example: What are my limitations, if I put my video at http://ex.cdn/,
but load it from http://www.example.com/ ?
Is there a way for me to whitelist a particular list of hosts/domains? Would
progress bars, loading different clips, captions, etc. be restricted? What
happens if there is metadata in the media file container that is
example.comspecific, is there a way to get access to it?

-- Sander
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.whatwg.org/pipermail/whatwg-whatwg.org/attachments/20081121/0d3ef29a/attachment.htm>
Received on Friday, 21 November 2008 09:15:15 UTC

This archive was generated by hypermail 2.4.0 : Wednesday, 22 January 2020 16:59:07 UTC