Closed Bug 1312091 Opened 9 years ago Closed 9 years ago

Cross-origin iframe hides Flash from navigator.plugins even when the Flash status is "always activate"

Categories

(Core Graveyard :: Plug-ins, defect, P3)

defect

Tracking

(firefox54 fixed)

RESOLVED FIXED
mozilla54
Tracking Status
firefox54 --- fixed

People

(Reporter: benjamin, Assigned: mconley)

References

()

Details

Attachments

(2 files)

STR: On Nightly with the default pref "plugins.navigator.hidden_ctp_plugin" set to "Shockwave Flash" Set Flash as ask-to-activate Load http://www.kongregate.com/games/Ninjakiwi/bloons-monkey-city See the "Manage plug-in use" icon, click it and choose "Activate Now" Reload the page Expected: The page should load with Flash activated Actual: The page continues to say Flash is not available Technical details: I debugged this, and the basic page structure is: http://kongregate.com page -> iframe src="http://ninjakiwifiles.com" -> this page does the work including accessing navigator.plugins (using swfobject.js) In this case, whether Flash is visible to the inner cross-domain iframe must be controlled by the CtP setting of the topmost page, and must *not* be controlled by the CtP setting of the inner domain. Setting P3 for now because we're not currently testing/shipping this setting beyond nightly, but this should be considered a blocker before deploying bug 1186948 to other channels or to the plugin-blocking test.
This doesn't block Flash click-to-play unless we decide to ship bug 1186948, which currently is not planned.
No longer blocks: flash-click-to-play
I think it has the same interaction with bug 1294341 than with bug 1186948 with turned-on pref, could that be? That said, this may also not be targeted to ship, it's confined to Nightly atm.
Welp, I guess I'm gonna try to step up to the plate here.
Assignee: nobody → mconley
Comment on attachment 8829494 [details] Bug 1312091 - Allow third-party subframes to access navigator.plugins[plugin] if the top-level document has allowed it. https://reviewboard.mozilla.org/r/106572/#review107900 I wish we didn't have this permissions logic spread across nsObjectLoadingContent and nsPluginArray, but I don't think fixing it here makes sense.
Attachment #8829494 - Flags: review?(benjamin) → review+
Attachment #8829495 - Flags: review?(benjamin) → review+
Pushed by mconley@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/88356884c93e Allow third-party subframes to access navigator.plugins[plugin] if the top-level document has allowed it. r=bsmedberg https://hg.mozilla.org/integration/autoland/rev/32eef29c5754 Regression test. r=bsmedberg
Status: NEW → RESOLVED
Closed: 9 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Product: Core → Core Graveyard
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: