Closed
Bug 1299577
Opened 8 years ago
Closed 7 months ago
Double-key origin for getUserMedia in iframes.
Categories
(Firefox :: Site Permissions, defect, P2)
RESOLVED DUPLICATE of bug 1497141
People
(Reporter: jib, Unassigned)
References
(Blocks 1 open bug)
Details
The spec [1] was updated with the following language a while ago wrt iframes:
4. Let originIdentifier be the [HTML51] top-level browsing context's origin.
5. If the current [HTML51] browsing context is a [HTML51] nested browsing context whose origin is different from originIdentifier, let originIdentifier be the result of combining originIdentifier and the current browsing context's origin.
6. For the origin identified by originIdentifier, request permission for use of the devices, ...
We should comply.
Permission prompts for gUM in different-origin iframes should mention the top-level site as well, something like:
"Would you like to share your camera and microphone with both jsfiddle.net and fiddle.jshell.net?"
[1] https://w3c.github.io/mediacapture-main/getusermedia.html#dom-mediadevices-getusermedia
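The keying in steps 4 to 6 of the quoted spec text, sketched as an added example (not Firefox code and not part of the bug report). The space-joined pair used for "combining" origins, the `PermissionStore` class and the `embedder.example` host are assumptions made for illustration.

```javascript
// Added illustration: double-keyed permission lookup for getUserMedia in iframes.
// Assumption: "combining" two origins is modelled as an ordered pair serialized
// with a space separator; the quoted spec text does not define the encoding.

// Normalize a URL to its serialized origin (scheme://host[:port]).
function serializeOrigin(url) {
  const origin = new URL(url).origin;
  if (origin === "null") throw new Error(`opaque origin: ${url}`);
  return origin;
}

// Steps 4-5: start from the top-level origin; combine only when the frame differs.
function originIdentifier(topLevelUrl, frameUrl) {
  const top = serializeOrigin(topLevelUrl);
  const frame = serializeOrigin(frameUrl);
  return frame === top ? top : `${top} ${frame}`;
}

// Step 6: permissions are stored and looked up per originIdentifier.
class PermissionStore {
  constructor() { this.grants = new Map(); }
  grant(topLevelUrl, frameUrl, devices) {
    this.grants.set(originIdentifier(topLevelUrl, frameUrl), new Set(devices));
  }
  // Returns "granted" only if every requested device was granted for this key.
  query(topLevelUrl, frameUrl, devices) {
    const held = this.grants.get(originIdentifier(topLevelUrl, frameUrl));
    return held && devices.every((d) => held.has(d)) ? "granted" : "prompt";
  }
}

// Hosts the prompt has to name: one for same-origin, both for a cross-origin frame.
function promptSubjects(topLevelUrl, frameUrl) {
  return originIdentifier(topLevelUrl, frameUrl).split(" ").map((o) => new URL(o).host);
}

// Constructed scenario: hosts from the report plus a hypothetical second embedder.
const FRAME = "https://fiddle.jshell.net/abc/show/";
const store = new PermissionStore();
store.grant("https://jsfiddle.net/abc/", FRAME, ["camera", "microphone"]);
console.log(store.query("https://jsfiddle.net/xyz/", FRAME, ["camera"]));  // same pair
console.log(store.query("https://embedder.example/", FRAME, ["camera"]));  // other embedder
console.log(store.query("https://fiddle.jshell.net/", FRAME, ["camera"])); // frame as top level
console.log(promptSubjects("https://jsfiddle.net/abc/", FRAME));
```

A grant made to the iframe under one top-level site does not carry over when another site embeds the same iframe, nor when the iframe's origin is loaded as the top-level page.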
Reporter
Updated•8 years ago
Rank: 25
Priority: -- → P2
Comment 1•8 years ago
I see you filed this in core, but when reading the bug description it seems to require only front-end changes. Are there core changes needed here?
Reporter
Comment 2•8 years ago
Perhaps not! Let me know if that changes. Does that mean we need a separate but for android?
Component: WebRTC: Audio/Video → Device Permissions
Product: Core → Firefox
Reporter
Comment 3•8 years ago
s/but/bug/ (darn auto-complete)
Comment 4•8 years ago
(In reply to Jan-Ivar Bruaroey [:jib] from comment #2)
> Perhaps not! Let me know if that changes. Does that mean we need a separate
> bug for android?
I think so, yes.
Comment 5•8 years ago
(In reply to Jan-Ivar Bruaroey [:jib] from comment #0)
> Permission prompts for gUM in different-origin iframes should mention the
> top-level site as well, something like:
>
> "Would you like to share your camera and microphone with both jsfiddle.net
> and fiddle.jshell.net?"
Aislinn, do you have thoughts on this? How do you feel about the proposed wording here?
Flags: needinfo?(agrigas)
Comment 6•8 years ago
This is the phrasing we use for camera:
"Would you like to allow [domain name] to use your video camera?
X Remember this decision
[Don’t allow] [Allow video camera]"
We should keep this formatting as much as we can so I would suggest:
"Would you like to allow both [domain name 1] and [domain name 2] to use your camera and microphone?"
Flags: needinfo?(agrigas)
Comment 7•8 years ago
This looks like it's going to be permission-based, which means OriginAttributes will automatically be respected (insofar as we know we allow permissions across OA), but I just wanted to tag it for tracking.
Updated•2 years ago
Severity: normal → S3
Comment 8•7 months ago
Can this be closed now that we have permission delegation via permissions policy? Let me know if I read the bug wrong.
Flags: needinfo?(jib)
Reporter
Comment 9•7 months ago
Yes this is overtaken by events.
Status: NEW → RESOLVED
Closed: 7 months ago
Duplicate of bug: 1497141
Flags: needinfo?(jib)
Resolution: --- → DUPLICATE