Security and privacy section must be normative

[Security & Privacy section](http://w3c.github.io/deviceorientation/spec-source-orientation.html#security-and-privacy) must be made normative to avoid interoperability issues related to cross-origin API access, exposure of powerful features only to secure context, etc.

Currently, browsers implement cross-origin access to the API differently:

**Cross-origin access is blocked in:**
- [Webkit](https://bugs.webkit.org/show_bug.cgi?id=150072)
- [Mozilla](https://hg.mozilla.org/releases/mozilla-aurora/rev/163849e878fc)

**Cross-origin access is allowed in:**
- Chromium ([Issue 598674](https://bugs.chromium.org/p/chromium/issues/detail?id=598674))
- Edge
- IE (IE11)

**Proposal:**
 - Make Security & Privacy normative
 - Block access to cross-origin iframes
 - As the Device Motion & Orientation exposes sensitive data, restrict access only to secure contexts https://github.com/w3c/deviceorientation/issues/47
 - Reuse applicable mitigation strategies from Generic Sensor API https://w3c.github.io/sensors/#security-and-privacy

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Security and privacy section must be normative #46

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Security and privacy section must be normative #46

Description

Metadata

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development

Issue actions