Closed
Bug 1312091
Opened 9 years ago
Closed 9 years ago
Cross-origin iframe hides Flash from navigator.plugins even when the Flash status is "always activate"
Categories
(Core Graveyard :: Plug-ins, defect, P3)
Core Graveyard
Plug-ins
Tracking
(firefox54 fixed)
RESOLVED
FIXED
mozilla54
| Tracking | Status | |
|---|---|---|
| firefox54 | --- | fixed |
People
(Reporter: benjamin, Assigned: mconley)
References
()
Details
Attachments
(2 files)
STR:
On Nightly with the default pref "plugins.navigator.hidden_ctp_plugin" set to "Shockwave Flash"
Set Flash as ask-to-activate
Load http://www.kongregate.com/games/Ninjakiwi/bloons-monkey-city
See the "Manage plug-in use" icon, click it and choose "Activate Now"
Reload the page
Expected:
The page should load with Flash activated
Actual:
The page continues to say Flash is not available
Technical details:
I debugged this, and the basic page structure is:
http://kongregate.com page
-> iframe src="http://ninjakiwifiles.com"
-> this page does the work including accessing navigator.plugins (using swfobject.js)
In this case, whether Flash is visible to the inner cross-domain iframe must be controlled by the CtP setting of the topmost page, and must *not* be controlled by the CtP setting of the inner domain.
Setting P3 for now because we're not currently testing/shipping this setting beyond nightly, but this should be considered a blocker before deploying bug 1186948 to other channels or to the plugin-blocking test.
Updated•9 years ago
|
Blocks: flash-click-to-play
| Reporter | ||
Comment 1•9 years ago
|
||
This doesn't block Flash click-to-play unless we decide to ship bug 1186948, which currently is not planned.
No longer blocks: flash-click-to-play
Comment 2•9 years ago
|
||
I think it has the same interaction with bug 1294341 than with bug 1186948 with turned-on pref, could that be? That said, this may also not be targeted to ship, it's confined to Nightly atm.
| Assignee | ||
Comment 4•9 years ago
|
||
Welp, I guess I'm gonna try to step up to the plate here.
Assignee: nobody → mconley
| Comment hidden (mozreview-request) |
| Comment hidden (mozreview-request) |
| Reporter | ||
Comment 7•9 years ago
|
||
| mozreview-review | ||
Comment on attachment 8829494 [details]
Bug 1312091 - Allow third-party subframes to access navigator.plugins[plugin] if the top-level document has allowed it.
https://reviewboard.mozilla.org/r/106572/#review107900
I wish we didn't have this permissions logic spread across nsObjectLoadingContent and nsPluginArray, but I don't think fixing it here makes sense.
Attachment #8829494 -
Flags: review?(benjamin) → review+
| Reporter | ||
Comment 8•9 years ago
|
||
| mozreview-review | ||
Comment on attachment 8829495 [details]
Bug 1312091 - Regression test.
https://reviewboard.mozilla.org/r/106574/#review107904
Attachment #8829495 -
Flags: review?(benjamin) → review+
Pushed by mconley@mozilla.com:
https://hg.mozilla.org/integration/autoland/rev/88356884c93e
Allow third-party subframes to access navigator.plugins[plugin] if the top-level document has allowed it. r=bsmedberg
https://hg.mozilla.org/integration/autoland/rev/32eef29c5754
Regression test. r=bsmedberg
Comment 10•9 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/88356884c93e
https://hg.mozilla.org/mozilla-central/rev/32eef29c5754
Status: NEW → RESOLVED
Closed: 9 years ago
status-firefox54:
--- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla54
Updated•4 years ago
|
Product: Core → Core Graveyard
You need to log in
before you can comment on or make changes to this bug.
Description
•