--
---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrtc+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/discuss-webrtc/05a40281-89d6-457a-ade4-63d209f85671%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
--
---
You received this message because you are subscribed to the Google Groups "discuss-webrtc" group.
To unsubscribe from this group and stop receiving emails from it, send an email to discuss-webrtc+unsubscribe@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/discuss-webrtc/b3c9fc13-27b6-4987-bb16-bd34ff31b257%40googlegroups.com.
To avoid second case, the only viable solution is to only allow gUM requests on trusted user click/touch events, which I think was already proposed.
Best regards
Sergio
To view this discussion on the web visit https://groups.google.com/d/msgid/discuss-webrtc/CAOqqYVGf0MrDh%3D-RwN40AA0C9pJkqEwQ2-i5COFAKHVrf4FiDg%40mail.gmail.com.
- There's advice against using "embed callee in URL" services - because these can be used to mount exactly the attack envisioned here. When the callee is established in a dialog, it's harder for the embedder to force the embedee to call a specific destination. (Couldn't find the text on a Saturday morning.)