Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Extend iframe with a new allowusermedia attribute (issue: #268) #313

Merged
merged 4 commits into from
Feb 18, 2016
Merged

Extend iframe with a new allowusermedia attribute (issue: #268) #313

Changes from all commits
Commits
Show all changes
4 commits
Select commit Hold shift + click to select a range
47e82cf
Extend iframe with a new allowusermedia attribute
adam-be Feb 4, 2016
bfbd5e9
Fix review comment
adam-be Feb 9, 2016
ccf5514
Add 'subject to change'-note
adam-be Feb 9, 2016
cc2cb17
Check 'allowed to access user media' only for cross-origin iframes
adam-be Feb 10, 2016
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
45 changes: 45 additions & 0 deletions getusermedia.html
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -2655,6 +2655,19 @@ <h3>MediaDevices Interface Extensions</h3>
<p>If <var>requestedMediaTypes</var> is the empty set, return a
promise rejected with a <code>TypeError</code>.</p>
</li>
<li>
<p>If the current [[!HTML51]] <a href=
"https://www.w3.org/TR/2015/WD-html51-20150506/browsers.html#browsing-context">
browsing context</a> is a <a href=
"https://www.w3.org/TR/2015/WD-html51-20150506/browsers.html#nested-browsing-context">
nested browsing context</a> whose origin is different from the
<a href="https://www.w3.org/TR/2015/WD-html51-20150506/browsers.html#top-level-browsing-context">
top-level browsing context</a>'s origin and the nested browsing
context is not <a>allowed to access user media</a>, return a
promise rejected with a <code><a>DOMException</a></code> object
whose <code><a>name</a></code> attribute has the value
<code>SecurityError</code>.</p>
</li>
<li>
<p>Let <var>p</var> be a new promise.</p>
</li>
Expand Down Expand Up @@ -2876,6 +2889,38 @@ <h2>NavigatorUserMediaErrorCallback</h2>
object or an <code><a>OverconstrainedError</a></code> object.
</div>
</section>
<section>
<h2>User Media in an IFrame</h2>
<div class="note">The topic of this section is under discussion and may
be subject to change.</div>
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Suggest alternate text: NOTE: A general approach to the subject of passing permissions to iframes is being discussed in other fora. The result of that may give other means of passing permissions to an iframe.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Given Martin's comment about not being sure that 'require delegation' will fly we should perhaps stick with the original note.

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

We can always update the note to reflect the ongoing discussion. I think the current one works for now.

<p>There are some special circumstances when a cross-origin [[!HTML51]]
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Delete "special". I think it'll be fairly common.

Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'd propose to go one step further. Don't talk about circumstances, just describe that the embedding page must explicitly permit for a cross-origin iframe to be able to request user media.

<code><a href="https://www.w3.org/TR/2015/WD-html51-20150506/semantics.html#the-iframe-element">
iframe</a></code> wants to access user media. A cross-origin iframe needs
explicit permission from the embedding page and it needs to identify
itself in the security prompt presented to the user. This section,
together with the <code><a>getUserMedia()</a></code> algorithm, specifies
that behavior.</p>
<p>The <code><a>HTMLIFrameElement</a></code> is extended with an <dfn id=
"iframe-allowusermedia"><code>allowusermedia</code></dfn> content
attribute. <code>allowusermedia</code> is a [[!HTML51]] <code><a href=
"https://www.w3.org/TR/2015/WD-html51-20150506/infrastructure.html#boolean-attribute">
boolean attribute</a></code>. When specified, it indicates that scripts
in the iframe element's browsing context are <dfn>allowed to access user
media</dfn> (if it's not blocked for other reasons, e.g. there is another
ancestor iframe without this attribute set).</p>
<p>The iframe DOM interface is extended as described by the partial
interface below.</p>
<dl class="idl" title="partial interface HTMLIFrameElement">
<dt>attribute boolean allowUserMedia</dt>
<dd>
<p>The allowUserMedia IDL attribute MUST [[!HTML51]] <code><a href=
"https://www.w3.org/TR/2015/WD-html51-20150506/infrastructure.html#reflect">
reflect</a></code> the <code><a href=
"#iframe-allowusermedia">allowusermedia</a></code> content
attribute.</p>
</dd>
</dl>
</section>
<section>
<h2>Implementation Suggestions</h2>
<div class="practice">
Expand Down