Log in

[yuranvideable]

I'm building a desktop application using OpenTok that is meant to run all the time on a user's computer. In order for the application to function correctly, the user must modify their flash settings to allow static.opentok.com access to the camera and microphone, and as we create new instances of the Publisher, we currently direct the user to have flash remember these settings.

This of course causes somewhat of a security issue, since now any webpage that the user visits that uses opentok can access the user's camera and microphone.

I was wondering if there is a way for you guys to point *.static.opentok.com to the same server, and have that server accept requests to those hostnames. One way of implementing this would be for each API key to be able to use [apikey].static.opentok.com. For example, if your API key were 1127, you'd be able to use 1127.static.opentok.com, and the opentok server would check to make sure that the subdomain matched the API key used for that session. You could also then create a dynamic version of the javascript, that automatically replaced the hostname with the correct hostname to contact based on the API key.

This would be immensely helpful for us, as we move toward launch, as the security issues associated with having users allowing microphone and webcam access to any page using opentok are a big concern for us.

[jtsai]

Hi there

We do have a custom pop-up that appears if a user sets allow static.opentok.com for one site, and then goes to another site that uses opentok. This will show up even if the same API Key is used. As long as it is on a different domain, it will pop up. This is what it looks like:

Screen Shot 2012-03-19 at 1.33.17 PM.png (17.77 KiB) Viewed 426 times

John