Confirmed users
717
edits
WebAPI/Security/WebTelephony: Difference between revisions
no edit summary
mNo edit summary |
No edit summary |
||
| Line 3: | Line 3: | ||
Brief purpose of API: Make and receive phone calls | Brief purpose of API: Make and receive phone calls | ||
*WebAPI:https://wiki.mozilla.org/WebAPI/WebTelephony | *WebAPI: https://wiki.mozilla.org/WebAPI/WebTelephony | ||
*B2G Meta telephony | *B2G Meta telephony bug: https://bugzilla.mozilla.org/show_bug.cgi?id=699235 | ||
*Web Telephony meta bug:https://bugzilla.mozilla.org/show_bug.cgi?id=674726 | *Web Telephony meta bug: https://bugzilla.mozilla.org/show_bug.cgi?id=674726 | ||
*Security discussion: https://groups.google.com/d/topic/mozilla.dev.webapps/34LUf50tpKA/discussion | |||
General Use Cases: None | General Use Cases: None | ||
| Line 20: | Line 21: | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases for unauthenticated code: click on a phone number in an email or browser to dial | Use cases for unauthenticated code: click on a phone number in an email or browser to dial | ||
Authorization model for uninstalled web content: explicit (web activities) | |||
Authorization model for installed web content: explicit (web activities) | |||
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | |||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||
Use cases for authenticated code: As per regular web app. | Use cases for authenticated code: As per regular web app. | ||
Authorization model: explicit (web activities) | |||
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | |||
== Certified (vouched for by trusted 3rd party) == | == Certified (vouched for by trusted 3rd party) == | ||