canmove, Confirmed users
1,220
edits
WebAPI/Security/WebTelephony: Difference between revisions
→Regular web content (unauthenticated)
Ptheriault (talk | contribs) No edit summary |
Ptheriault (talk | contribs) |
||
| Line 20: | Line 20: | ||
== Regular web content (unauthenticated) == | == Regular web content (unauthenticated) == | ||
Use cases for unauthenticated code: click on a phone number in an email or browser to dial | Use cases for unauthenticated code: click on a phone number in an email or browser to dial | ||
Authorization model for uninstalled web content: explicit (web activities) | *Authorization model for uninstalled web content: explicit (web activities) | ||
Authorization model for installed web content: explicit (web activities) | *Authorization model for installed web content: explicit (web activities) | ||
Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | *Potential mitigations: When user clicks on a phone number, app triggers a web activity to initiate the call. User interaction required to trigger. | ||
== Trusted (authenticated by publisher) == | == Trusted (authenticated by publisher) == | ||