Restrict API to secure contexts #413

Merged
merged 4 commits into from Feb 27, 2017

mfoltzgoogle
Contributor

Address Issue #380: Authenticity of screen selection permission is problematic in insecure contexts

This restricts the use of Presentation API to secure contexts through the use of [SecureContext]. Also:

  • Mixed content check is simplified
  • Examples are updated to use https:
  • Use correct term for a priori authenticated URL
  • Remove xref to potentially trustworthy origin as it's unused
  • Remove discussion of insecure origin display
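
The two gates described in this pull request (the API is exposed only in secure contexts, and a presentation URL that is an a priori unauthenticated URL raises a SecurityError), modelled as an added JavaScript example that is not part of the pull request or the spec text. `checkPresentationUrls`, `isAPrioriAuthenticated` and the example hosts are hypothetical, and the authenticated-URL test is a simplified assumption (https:, wss:, data:, or a loopback host).

```javascript
// Added example: a model of the checks, not browser or spec code.
// Assumption: simplified "a priori authenticated" test; real user agents
// follow the Mixed Content specification's full definition.
const LOOPBACK = /^(localhost|.*\.localhost|127(\.\d{1,3}){3}|\[::1\])$/;

function isAPrioriAuthenticated(url) {
  if (['https:', 'wss:', 'data:'].includes(url.protocol)) return true;
  // Plain http:/ws: only counts when it cannot leave the local machine.
  return ['http:', 'ws:'].includes(url.protocol) && LOOPBACK.test(url.hostname);
}

// Stand-in for the DOMException named "SecurityError" a browser would throw.
class SecurityError extends Error {
  constructor(message) {
    super(message);
    this.name = 'SecurityError';
  }
}

// Hypothetical helper: returns the resolved URLs, or throws the way a page
// would observe the failure. URL parse errors propagate unchanged.
function checkPresentationUrls(urls, baseUrl, isSecureContext) {
  // With [SecureContext] the interface is simply absent on insecure pages,
  // so script sees an undefined identifier rather than a permission prompt.
  if (!isSecureContext) {
    throw new ReferenceError('PresentationRequest is not defined');
  }
  const list = Array.isArray(urls) ? urls : [urls];
  return list.map((u) => {
    const resolved = new URL(u, baseUrl); // relative URLs inherit the page scheme
    if (!isAPrioriAuthenticated(resolved)) {
      throw new SecurityError(`mixed content: ${resolved.href}`);
    }
    return resolved.href;
  });
}

// Constructed sample input: one relative and one absolute https: URL.
console.log(checkPresentationUrls(
  ['receiver.html', 'https://cast.example/r'],
  'https://app.example/demo/',
  true
));
```

In a real page the first gate is usually tested with `window.isSecureContext` and `'PresentationRequest' in window` before constructing a request.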

@mfoltzgoogle
Contributor Author

@mikewest @annevk

@annevk
Member

annevk commented Feb 25, 2017

Looks good. Thanks!

Member

@mikewest mikewest left a comment

\o/

Member

@tidoust tidoust left a comment

One typo, looks good to me otherwise

index.html Outdated
Security Contexts"</code> and any member of
<var>presentationUrls</var> is an <a>a priori unauthenticated
URL</a>, then throw a <a>SecurityError</a> and abort these steps.
<li>If any member of <var>presentationUrls</var> is an not an <a>a
Member

s/an not an/not an/

Contributor Author

Done

@anssiko
Member

anssiko commented Feb 27, 2017

LGTM.

I noticed there's a ReSpec auto-linking issue ([SecureContext] links are broken) and reported it at w3c/respec#989 (comment)

We don't need to block on the ReSpec bug, and we're good to merge when comments have been addressed (can manually fix the broken links at publication time).

@mfoltzgoogle mfoltzgoogle merged commit 7d5ffe9 into gh-pages Feb 27, 2017
@mfoltzgoogle mfoltzgoogle deleted the issue-380-securecontext branch February 27, 2017 22:44