[Webkit-unassigned] [Bug 152299] [Privileged Contexts] Enable opt-in to DeviceOrientation and DeviceMotion for HTTPS-based iframes
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Apr 7 02:42:37 PDT 2016
https://bugs.webkit.org/show_bug.cgi?id=152299
Davide Orazio Montersino <davide at davidemontersino.com> changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |davide at davidemontersino.com
--- Comment #13 from Davide Orazio Montersino <davide at davidemontersino.com> ---
(In reply to comment #12)
> It's really not the prerogative of the site author to decide if device
> status should be shared cross-domain.
I think it is - Enabling specific domains to access gyroscope data doesn't seem like a security threat.
The website owner could anyways share gyroscope data cross domain (i.e. web sockets).
The proposed solution of 'allow-device-sensors' attribute would allow fine grained control from website owners.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.webkit.org/pipermail/webkit-unassigned/attachments/20160407/47ec6da5/attachment-0001.html>
More information about the webkit-unassigned
mailing list