From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <ffmpeg-devel-bounces@ffmpeg.org>
Received: from ffbox0-bg.mplayerhq.hu (ffbox0-bg.ffmpeg.org [79.124.17.100])
	by master.gitmailbox.com (Postfix) with ESMTP id 270CF45CB5
	for <ffmpegdev@gitmailbox.com>; Wed,  3 May 2023 11:16:15 +0000 (UTC)
Received: from [127.0.1.1] (localhost [127.0.0.1])
	by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id C01F668BE7A;
	Wed,  3 May 2023 14:16:12 +0300 (EEST)
Received: from ursule.remlab.net (vps-a2bccee9.vps.ovh.net [51.75.19.47])
 by ffbox0-bg.mplayerhq.hu (Postfix) with ESMTP id 6C26A68A892
 for <ffmpeg-devel@ffmpeg.org>; Wed,  3 May 2023 14:16:06 +0300 (EEST)
Received: from ursule.remlab.net (localhost [IPv6:::1])
 by ursule.remlab.net (Postfix) with ESMTP id D4A63C006A
 for <ffmpeg-devel@ffmpeg.org>; Wed,  3 May 2023 14:16:05 +0300 (EEST)
Received: from [127.0.0.1] ([212.149.142.231])
 by ursule.remlab.net with ESMTPSA id N1eGMHVCUmSxRikAwZXkwQ
 (envelope-from <remi@remlab.net>)
 for <ffmpeg-devel@ffmpeg.org>; Wed, 03 May 2023 14:16:05 +0300
Date: Wed, 03 May 2023 14:16:03 +0300
From: =?ISO-8859-1?Q?R=E9mi_Denis-Courmont?= <remi@remlab.net>
To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
User-Agent: K-9 Mail for Android
In-Reply-To: <20230502193631.10844-1-michael@niedermayer.cc>
References: <20230502193631.10844-1-michael@niedermayer.cc>
Message-ID: <09C1198A-DB0A-43CC-ADCA-23594E0BFEDA@remlab.net>
MIME-Version: 1.0
X-Content-Filtered-By: Mailman/MimeDel 2.1.29
Subject: Re: [FFmpeg-devel] [PATCH] [RFC] avformat: Add basic same origin
 check
X-BeenThere: ffmpeg-devel@ffmpeg.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: FFmpeg development discussions and patches <ffmpeg-devel.ffmpeg.org>
List-Unsubscribe: <https://ffmpeg.org/mailman/options/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=unsubscribe>
List-Archive: <https://ffmpeg.org/pipermail/ffmpeg-devel>
List-Post: <mailto:ffmpeg-devel@ffmpeg.org>
List-Help: <mailto:ffmpeg-devel-request@ffmpeg.org?subject=help>
List-Subscribe: <https://ffmpeg.org/mailman/listinfo/ffmpeg-devel>,
 <mailto:ffmpeg-devel-request@ffmpeg.org?subject=subscribe>
Reply-To: FFmpeg development discussions and patches <ffmpeg-devel@ffmpeg.org>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: ffmpeg-devel-bounces@ffmpeg.org
Sender: "ffmpeg-devel" <ffmpeg-devel-bounces@ffmpeg.org>
Archived-At: <https://master.gitmailbox.com/ffmpegdev/09C1198A-DB0A-43CC-ADCA-23594E0BFEDA@remlab.net/>
List-Archive: <https://master.gitmailbox.com/ffmpegdev/>
List-Post: <mailto:ffmpegdev@gitmailbox.com>

Nit: different

But is there an actual threat model whence it is necessary or even useful for a media framework to implement origin policies? On top of my head, this can be used by content providers to prevent third parties from referencing their media files... but that seems user-hostile; it does not provide any security for the user of FFmpeg.

I could be wrong, but IMU, origin policy is meant to prevent harmful embedding of images and frames, and to prevent cross-site scripting, but FFmpeg doesn't support either if these anyway, so it's not concerned.
_______________________________________________
ffmpeg-devel mailing list
ffmpeg-devel@ffmpeg.org
https://ffmpeg.org/mailman/listinfo/ffmpeg-devel

To unsubscribe, visit link above, or email
ffmpeg-devel-request@ffmpeg.org with subject "unsubscribe".