This is just bug 801066 and the blob and iframe are red herrings (a local patch conforms blob urls are fine with that fixed, but a proper patch will require a bit more for proper translation). As to why webrtc permission code isn't aligned with that of geolocation etc, it's because of its complicated permission needs, and lack of resources. > - Chrome is wrong to say a blob: created by a file:/// is "Not Secure" Agreed, based on https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy This is really the only thing I see that makes Firefox stand out here. Both browsers allow camera and microphone access from local files. That local file navigating to a blob of its creation doesn't change any security properties (even if pasted elsewhere it can't survive its opener closing).
Bug 1861825 Comment 7 Edit History
Note: The actual edited comment in the bug view page will always show the original commenter’s name and original timestamp.
This is just bug 801066 and the blob and iframe are red herrings (a local patch confirms blob urls are fine with that fixed, but a proper patch will require a bit more for proper translation). As to why webrtc permission code isn't aligned with that of geolocation etc, it's because of its complicated permission needs, and lack of resources. > - Chrome is wrong to say a blob: created by a file:/// is "Not Secure" Agreed, based on https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy This is really the only thing I see that makes Firefox stand out here. Both browsers allow camera and microphone access from local files. That local file navigating to a blob of its creation doesn't change any security properties (even if pasted elsewhere it can't survive its opener closing).
This is just bug 801066 and the blob and iframe are red herrings (a local patch confirms blob urls are fine with that fixed, but a proper patch will require a bit more for proper translation). As to why webrtc permission code isn't aligned with that of geolocation etc, it's because of its complicated permission needs, and lack of resources. > - Chrome is wrong to say a blob: created by a file:/// is "Not Secure" Agreed, based on https://w3c.github.io/webappsec-secure-contexts/#is-url-trustworthy This is really the only thing I see that makes Firefox stand out here. Both browsers allow camera and microphone access from local files. That local file navigating to a blob of its creation shouldn't change any security properties (even if pasted elsewhere it can't survive its opener closing).