[mediacapture-main] Permission model for cross-origin iframes from Martin Thomson via GitHub on 2015-10-29 (public-media-capture-logs@w3.org from October 2015)

From: Martin Thomson via GitHub <sysbot+gh@w3.org>
Date: Thu, 29 Oct 2015 08:39:24 +0000
To: public-media-capture-logs@w3.org
Message-ID: <issues.opened-114003054-1446107962-sysbot+gh@w3.org>

martinthomson has just created a new issue for 
https://github.com/w3c/mediacapture-main:

== Permission model for cross-origin iframes ==
@juberti suggested that Chrome has some special interaction between 
the top-level browsing context and iframes when gUM consent is 
requested.  What, if any, special treatment do we need for cases where
 gUM is called from within an iframe.

Options: 
1. iframes can request permission as normal, bound to their origin
2. iframes can only request permission their origin == the top level 
origin
3. iframes can request permission, but they have to request special 
permission to operate in an iframe (permission key is iframe-origin + 
a boolean indicating top-level vs iframe)
4. as 3, but each different top-level origin gets a different special 
permission (permission key is top-level-origin + iframe-origin)
5. permission key is the full origin chain from top-level down

Separately, we might consider an option for higher level contexts to 
indicate if nested browsing contexts are able to use gUM (default 
tbd), much like the fullscreen API.

See https://github.com/w3c/mediacapture-main/issues/267

Received on Thursday, 29 October 2015 08:39:30 UTC