You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
@thiemonagel FYI
Both of getCoaelscedEvents and pointerrawupdate APIs expose some high frequency input and might expose some fingerprinting possibilities to the app.
Limiting this API to the secured origins makes sure only the intended origin has access to this data and no other malicious party over the network.
The text was updated successfully, but these errors were encountered:
NavidZ
changed the title
Limit pointerrawmove and getCoalescedEvents API to secure origins
Limit pointerrawupdate and getCoalescedEvents API to secure origins
Apr 17, 2019
If we want to do this, better to do it sooner than later, before non-secure context web pages start to use the APIs heavily. I could imagine some script libraries use the APIs and then one just uses those also outside secure context.
@thiemonagel FYI
Both of getCoaelscedEvents and pointerrawupdate APIs expose some high frequency input and might expose some fingerprinting possibilities to the app.
Limiting this API to the secured origins makes sure only the intended origin has access to this data and no other malicious party over the network.
The text was updated successfully, but these errors were encountered: