Closed
Bug 1358506
Opened 7 years ago
Closed 4 years ago
Broken demo on device orientation documentation
Categories
(Developer Documentation Graveyard :: API: DOM, enhancement)
Tracking
(Not tracked)
RESOLVED
WONTFIX
People
(Reporter: droeh, Unassigned)
Details
I'm not sure if this is an actual bug or working as intended, but we have a deviceorientation example here: https://developer.mozilla.org/en-US/docs/Web/API/Detecting_device_orientation that is currently failing because it relies on receiving deviceorientation events in an iframe hosted on a different domain than the page itself. Is this intended behavior? In WindowCannotReceiveSensorEvent in nsDeviceSensors.cpp, it looks like we are checking for background-sensors permission on an iframe that is certainly not backgrounded. Discovered this while looking into bug 1318293, but I suspect this isn't limited to deviceorientation.
Reporter
Comment 1•7 years ago
Smaug, it looks like you made the relevant changes to nsDeviceSensors.cpp.
Flags: needinfo?(bugs)
Comment 2•7 years ago
It would be a security bug to get the events from cross domain iframes.
Flags: needinfo?(bugs)
Yeah, some googling around suggests at least Safari does this too. We should get the MDN demo fixed.
Reporter
Comment 4•7 years ago
(In reply to James Willcox (:snorp) (jwillcox@mozilla.com) from comment #3)
> Yeah, some googling around suggests at least Safari does this too. We should
> get the MDN demo fixed.
Yep, I can confirm Safari behaves the same on iOS. Chrome seems to be the outlier here in allowing this behavior.
Reporter
Updated•7 years ago
Component: DOM: Events → API: DOM
Keywords: dev-doc-needed
Product: Core → Developer Documentation
Summary: Cannot send device sensor DOM events to an iframe from a different domain → Broken demo on device orientation documentation
Reporter
Comment 5•7 years ago
https://developer.mozilla.org/en-US/docs/Web/API/Detecting_device_orientation currently employs a demo that relies on a cross-domain iframe being able to receive device sensor events, which is no longer allowed for security reasons (per comment 2).
Comment 6•7 years ago
The security bug was reported to Google too, ages ago.
Comment 7•7 years ago
I added a warning under the example in MDN. I also filed this: https://github.com/mozilla/kumascript/issues/168.
Comment 8•4 years ago
MDN Web Docs' bug reporting has now moved to GitHub. From now on, please file content bugs at https://github.com/mdn/sprints/issues/ and platform bugs at https://github.com/mdn/kuma/issues/.
Status: NEW → RESOLVED
Closed: 4 years ago
Resolution: --- → WONTFIX
Updated•4 years ago
Keywords: dev-doc-needed