raymeskhoury
commented
7 years ago @ddorwin I'd like to look at modifying the spec to add the checks for this. We basically need to call HTMLs "allowed to use" which is monkey-patched by the FP spec (see https://wicg.github.io/feature-policy/#integration-with-html).
The main question is where to insert the checks. Ideally, wherever we put the FP check would also be the place that user agents have the opportunity to prompt for permission (keeping these 2 things in sync is important in order to keep the permissions story sensible).
Do you have thoughts on where this should go in the flow? I see that there are currently ways to use requestMediaKeySystemAccess() that don't require a permission grant (at least in Chrome). Should we preserve the ability to do this even when the "encrypted-media" feature isn't enabled? If there are no security/privacy concerns with those invocations then it probably makes sense to continue to allow that.
ddorwin
We would like to explore disabling EME by default for cross-origin iframes. The idea is that it would be possible for the embedder to re-enable EME using the proposed Feature Policy mechanism.
Note that this issue is mainly just intended to start the discussion about this change. We still need to nail down the spec for feature policy before this can proceed. I'm also not super familiar with the API so guidance is appreciated :).
EME already has a failure mode that occurs as a result of the user denying permission. This same failure mode can be reused but we probably still want to alter the spec to include the additional check to see if the feature is allowed by Feature Policy.
The motivations for this change and a discussion of compatibility risk can be found here: https://docs.google.com/document/d/13dp9xWVyGM8THAQohDOT2mMOTSGLxEhSZEvgpmVLrxU/edit
@ddorwin @clelland