Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Should WebRTC be [SecureContext] #228

Closed
travisleithead opened this issue Jan 31, 2018 · 8 comments
Closed

Should WebRTC be [SecureContext] #228

travisleithead opened this issue Jan 31, 2018 · 8 comments
Assignees
@travisleithead
Labels
Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review
Milestone
2018-12-04-telcon

Comments

@travisleithead
Copy link
Contributor

As noted here, we are wondering whether we should ask WebRTC spec to be in [SecureContext]. Here's our issue to discuss...

CC @annevk, @alvestrand
@travisleithead travisleithead mentioned this issue Jan 31, 2018
Closed
5 tasks
@travisleithead travisleithead added this to the tag-f2f-tokyo-2018-04-05 milestone Jan 31, 2018
@annevk
Copy link
Member

annevk commented Jan 31, 2018

Per https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts it seems browsers are moving in that direction. I'm not sure if [SecureContext] will work (e.g., perhaps there are sites assuming that interfaces exist), but restricting it to secure contexts in prose should be doable at least.

@torgo
Copy link
Member

torgo commented Apr 5, 2018

@dontcallmedom your feedback is solicited on this topic. Yves will follow up with context.

@travisleithead
Copy link
Contributor Author

TAG doesn't really have objections to asking WebRTC to make it [SecureContext]. Implementations have already started moving the feature to [SecureContext]… See https://developer.mozilla.org/en-US/docs/Web/Security/Secure_Contexts/features_restricted_to_secure_contexts. (Note Safari does restrict getUserMedia to [SecureContext].

@cynthia
Copy link
Member

cynthia commented Apr 5, 2018

From my testing, at least getUserMedia() seems to be secure context in at least three implementations, but the spec seems to disagree.

@torgo torgo removed the extra time label Apr 6, 2018
@cynthia cynthia added the Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review label Apr 6, 2018
@vivienlacourba vivienlacourba mentioned this issue May 2, 2018
Closed
@dontcallmedom dontcallmedom mentioned this issue Jun 4, 2018
Merged
@jan-ivar
Copy link

jan-ivar commented Jun 4, 2018

We should probably specify when we're talking about RTCPeerConnection vs. getUserMedia, vs. long tail of other mediacapture-* specs, as "WebRTC" is often an umbrella term for all of the above.

@ylafon ylafon mentioned this issue Jul 25, 2018
Closed
@ylafon
Copy link
Member

ylafon commented Sep 13, 2018

See w3c/mediacapture-screen-share#77 and w3c/mediacapture-main#540

@jan-ivar
Copy link

And w3c/mediacapture-output#78.

@cynthia
Copy link
Member

cynthia commented Dec 4, 2018

Thanks a lot for following up on this. We have checked all the PRs on the spec side and yes, we are very happy to see this change.

Thank you for flying TAG! We are excited to see how the next generation comes out.

@cynthia cynthia closed this as completed Dec 4, 2018
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@travisleithead travisleithead

Labels
Progress: pending external feedback The TAG is waiting on response to comments/questions asked by the TAG during the review
Projects
None yet
Milestone
2018-12-04-telcon
Development

No branches or pull requests
7 participants
@cynthia @torgo @ylafon @annevk @travisleithead @plinss @jan-ivar