Require Feature Policy for WebUSB in iframes #82
reillyeon added a commit to reillyeon/webusb that referenced this issue (Mar 28, 2017)
The integration with the Feature Policy specification allows us to disallow (by default) access to this feature by cross-origin iframes with a standardized mechanism for the top-level document to grant access to this feature to origins that it trusts. With this mitigation in place the Allowed Origins descriptors are removed from the specification. This resolves the question in WICG#49 of whether access to USB devices should be controlled by the vendor or the user in favor of the user. This resolves issue WICG#82 and obsoletes issues WICG#15 and WICG#38.
reillyeon added a commit to reillyeon/webusb that referenced this issue (Mar 29, 2017)
This is a new powerful feature so it should take advantage of the Feature Policy spec to avoid abuse.