On Sat, Sep 13, 2014 at 12:38 AM, Anne van Kesteren <ann...@annevk.nl> wrote:
> On Sat, Sep 13, 2014 at 12:07 AM, Martin Thomson <m...@mozilla.com> wrote > > > An iframe embed is different, but in that context, the framed site > > retains complete control over its content and is arguably competent to > > ensure that it isn't abused; more importantly, the outer site has no > > visibility other than what the framed site grants it. > > I just gave an example where it would matter. I could similarly > imagine that I'd be okay with skype.com to have persistant camera > access when I navigate to it, but not when skype.com is in an <iframe> > somewhere serving ads. I just tested this and it appears that at least for gUM, IFRAMEs do *not* get persistent permissions even if they would have them if they were in the top level window. Rather, you always get prompted. You can test this yourself using: https://mozilla.github.io/webrtc-landing/gum_test.html and https://mozilla.github.io/webrtc-landing/gum_iframe.html (note: contains mixed content for test purposes) or the HTTP variant. -Ekr _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform
