This is an archived snapshot of W3C's public bugzilla bug tracker, decommissioned in April 2019. Please see the home page for more details.
I think we should allow this. There was a suggestion to not allow getUserMedia() in an iframe [1], but the people who expressed their opinions seemd to have a different view. A possible way to keep some of the increased security, gained by not allowing, is to disallow it by default, but let the main page to opt in to allow an iframe to use getUserMedia(). [1] http://lists.w3.org/Archives/Public/public-media-capture/2012Mar/0085.html
The URL in the bug description is wrong; here's the right one: http://lists.w3.org/Archives/Public/public-media-capture/2012Mar/0024.html
Adam, can you propose text? Otherwise perhaps this should be closed as "wontfix" given that there has been no input since last summer.
in case this helps, I surveyed a while ago how other permissions-gated APIs are deadling with this and other aspects: http://dontcallmedom.github.io/web-permissions-req/matrix.html In general, most APIs are allowed to run from within an iframe (except fullscreen ). I personally think this is a bug of the platform as a whole, so I also feel this is better addressed globally rather than on a piecemeal basis, so I would suggest we remain silent on this for now.
Let's remain silent on this, and have it addressed as a web platform question instead.