[Webkit-unassigned] [Bug 152299] [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes

bugzilla-daemon at webkit.org bugzilla-daemon at webkit.org
Thu Apr 7 02:42:37 PDT 2016


Davide Orazio Montersino <davide at davidemontersino.com> changed:

           What    |Removed                     |Added
                 CC|                            |davide at davidemontersino.com

--- Comment #13 from Davide Orazio Montersino <davide at davidemontersino.com> ---
(In reply to comment #12)
> It's really not the prerogative of the site author to decide if device
> status should be shared cross-domain.

I think it is - Enabling specific domains to access gyroscope data doesn't seem like a security threat.

The website owner could anyways share gyroscope data cross domain (i.e. web sockets).

The proposed solution of 'allow-device-sensors' attribute would allow fine grained control from website owners.

You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160407/47ec6da5/attachment-0001.html>

More information about the webkit-unassigned mailing list