Bugzilla

Thank you, Andrew for identifying the particular prefs involved, and Michael the regression trigger.

This was not an intended side-effect of [the removal of one](https://hg.mozilla.org/integration/autoland/rev/3c77f9f68fe8#l5.26) of two permissions checks.
However, before that change, the interaction of the preferences was not consistent: `nsIPermissionManager::PROMPT_ACTION` in "permissions.default.microphone" had no effect fake streams.

When the `nsIPermissionManager` code was introduced, fake streams were [explicitly excluded](https://hg.mozilla.org/mozilla-central/rev/2c5c8a682efc289c7d815ef8a6c2b87a3569d605#l15.98) unless "media.navigator.permission.fake" was set.
This was [still](https://hg.mozilla.org/mozilla-central/rev/49fbb330d910edb2ef086a9524aa922c18695984#l2.103) the situation when "media.navigator.streams.fake" was introduced for tests.
I.e. the design was that "media.navigator.streams.fake" should usually cause permissions to be ignored.

Having `DENY_ACTION` permissions apply by default to fake streams [seems to have been an accident](https://hg.mozilla.org/mozreview/gecko/rev/69d91b61bca5bc11c8c0febf0a3d0e7e167f537e#l1.313).

The recent changes for bug 1730163 have restored the original behavior.

Permissions should still take effect when "media.navigator.permission.fake" is set with "media.navigator.streams.fake".  That may be a reasonable compromise, allowing permissions to have effect if desired, but defaulting to allowing fake streams without permission because they don't contain sensitive data.

Thank you, Andrew for identifying the particular prefs involved, and Michael the regression trigger.

This was not an intended side-effect of [the removal of one](https://hg.mozilla.org/integration/autoland/rev/3c77f9f68fe8#l5.26) of two permissions checks.
However, before that change, the interaction of the preferences was not consistent: `nsIPermissionManager::PROMPT_ACTION` in "permissions.default.microphone" had no effect fake streams.

When the `nsIPermissionManager` code was introduced, fake streams were [explicitly excluded](https://hg.mozilla.org/mozilla-central/rev/2c5c8a682efc289c7d815ef8a6c2b87a3569d605#l15.98) unless "media.navigator.permission.fake" was set.
This was [still](https://hg.mozilla.org/mozilla-central/rev/49fbb330d910edb2ef086a9524aa922c18695984#l2.103) the situation when "media.navigator.streams.fake" was introduced for tests.
I.e. the design was that "media.navigator.streams.fake" should usually cause permissions to be ignored.

Having `DENY_ACTION` permissions apply by default to fake streams [seems to have been an accident](https://hg.mozilla.org/mozreview/gecko/rev/69d91b61bca5bc11c8c0febf0a3d0e7e167f537e#l1.313).

The recent changes for bug 1720643 have restored the original behavior.

Permissions should still take effect when "media.navigator.permission.fake" is set with "media.navigator.streams.fake".  That may be a reasonable compromise, allowing permissions to have effect if desired, but defaulting to allowing fake streams without permission because they don't contain sensitive data.

Thank you, Andrew for identifying the particular prefs involved, and Michael the regression trigger.

This was not an intended side-effect of [the removal of one](https://hg.mozilla.org/integration/autoland/rev/3c77f9f68fe8#l5.26) of two permissions checks.
However, before that change, the interaction of the preferences was not consistent: `nsIPermissionManager::PROMPT_ACTION` in "permissions.default.microphone" had no effect fake streams.

When the `nsIPermissionManager` code was introduced, fake streams were [explicitly excluded](https://hg.mozilla.org/mozilla-central/rev/2c5c8a682efc289c7d815ef8a6c2b87a3569d605#l15.98) unless "media.navigator.permission.fake" was set.
This was [still](https://hg.mozilla.org/mozilla-central/rev/49fbb330d910edb2ef086a9524aa922c18695984#l2.103) the situation when "media.navigator.streams.fake" was introduced for tests.
I.e. the design was that "media.navigator.streams.fake" should usually cause permissions to be ignored.

Having `DENY_ACTION` permissions apply by default to fake streams [seems to have been an accident](https://hg.mozilla.org/mozreview/gecko/rev/69d91b61bca5bc11c8c0febf0a3d0e7e167f537e#l1.313).

The recent changes for bug 1720643 have restored the original behavior.

Permissions should still be taking effect when "media.navigator.permission.fake" is set with "media.navigator.streams.fake".  That may be a reasonable compromise, allowing permissions to have effect if desired, but defaulting to allowing fake streams without permission because they don't contain sensitive data.

Thank you, Andrew for identifying the particular prefs involved, and Michael the regression trigger.

This was not an intended side-effect of [the removal of one](https://hg.mozilla.org/integration/autoland/rev/3c77f9f68fe8#l5.26) of two permissions checks.
However, before that change, the interaction of the preferences was not consistent: `nsIPermissionManager::PROMPT_ACTION` in "permissions.default.microphone" had no effect fake streams.

When the `nsIPermissionManager` code was introduced, fake streams were [explicitly excluded](https://hg.mozilla.org/mozilla-central/rev/2c5c8a682efc289c7d815ef8a6c2b87a3569d605#l15.98) unless "media.navigator.permission.fake" was set.
This was [still](https://hg.mozilla.org/mozilla-central/rev/49fbb330d910edb2ef086a9524aa922c18695984#l2.103) the situation when "media.navigator.streams.fake" was introduced for tests.
I.e. the design was that "media.navigator.streams.fake" should usually cause permissions to be ignored.

Having `DENY_ACTION` permissions apply by default to fake streams [seems to have been an accident](https://hg.mozilla.org/mozreview/gecko/rev/69d91b61bca5bc11c8c0febf0a3d0e7e167f537e#l1.313).

The recent changes for bug 1720643 have restored the original behavior.

Permissions still take effect when "media.navigator.permission.fake" is set with "media.navigator.streams.fake".  That may be a reasonable compromise, allowing permissions to have effect if desired, but defaulting to allowing fake streams without permission because they don't contain sensitive data.