Closed
Bug 1363854
Opened 7 years ago
Closed 5 years ago
I want to be able to use getUserMedia in a 'Popup' window
Categories
(WebExtensions :: Frontend, enhancement, P5)
WebExtensions
Frontend
Tracking
(Not tracked)
RESOLVED
DUPLICATE
of bug 1579489
People
(Reporter: anatal, Unassigned, NeedInfo)
References
Details
(Whiteboard: design-decision-approved)
When I try to access getUserMedia from inside a popup, I am getting the following CSP error [1].
The reason we need to use gUM from a popup and not from a tab is because we are prototyping a speech enabled virtual assistant that should be accessible anywhere in the browser, just a click away, to achieve the same experience we have on MacOS, when you just click a small icon in the toolbar to activate Siri, or on Windows to activate Cortana.
[1]
Content Security Policy: The page’s settings blocked the loading of a resource at self (“script-src moz-extension://3aaf0592-e6d0-6845-b325-6d6ed234b1b7”). Source:
navigator.getUserMedia = navigator.ge....
Comment 1•7 years ago
|
||
I'm not sure about the CSP error but the basic issue here is that calling gUM generates a permission prompt which requires that the request come from within a tabbrowser. A popup doesn't have one of course. For things like geolocation and peristent indexedDB we have used permissions in the extension manifest (or granted through the optional permissions API) in lieu of an interactive prompt). We could consider doing the same for gUM. Chrome apparently did this for apps with "audioCapture" and "videoCapture" permissions.
Caitlin, can you put this on the agenda for a future api triage?
Flags: needinfo?(cneiman)
Whiteboard: design-decision-needed
Comment 2•7 years ago
|
||
Thanks, Andrew! It's been added to the agenda. Andre, would you be able to join us at the meeting?
Wiki: https://wiki.mozilla.org/Add-ons/Contribute/Triage#Next_Meeting
Agenda: https://docs.google.com/document/d/1vrhHNOelBty4hXcjQ8VbFk-azHRFFDVyGka7H0VpEa8/edit#
Flags: needinfo?(cneiman)
Reporter | ||
Comment 3•7 years ago
|
||
(In reply to Caitlin Neiman (http://pronoun.is/she) from comment #2)
> Thanks, Andrew! It's been added to the agenda. Andre, would you be able to
> join us at the meeting?
>
Hi Caitlin. Sure, I will be there! Thank you both for the attention on this matter!
Updated•7 years ago
|
Flags: needinfo?(amckay)
Comment 4•7 years ago
|
||
We'll need some UX help on this one. We could do this through installation permissions, or maybe optional permissions, but there's a real concern that recording audio or video needs to give the user some kind of feedback that this is happening right now.
It would be pretty easy to install an add-on, approve this permission then forget about it.
Currently if a web page is doing audio or video capture, then it shows up on the tab. In this case there would be no tab to show an icon or indication to the user. This could be from a browser popup or a background page.
We'd need a firmer idea what to do for UX here before we approve this one, but we don't want to deny it either we think there's a good use case here.
Flags: needinfo?(amckay) → needinfo?(mjaritz)
Comment 5•7 years ago
|
||
I agree that we should ensure the user can be aware of audio &/or video capture being active, and has the control to stop them. And that, at least once, the user has to allow it, and be able to decide if they permanently allow this. (As we do with websites.)
As it looks like we will continue expanding what extensions can do and in what contexts,
I think therefor this is a policy questions first.
Do we treat extensions same as websites, or in what cases is it OK to have less control as a user?
We are starting to look into managing extensions and themes in Firefox more deeply, and with that all the individual ways they influence Firefox will be looked at. (permissions, optional permissions, overrides, web/tab permissions). I hope this will lead to a policy on when to show what to the users, and have a framework that provides UI for such additional requests.
With our current UI this does not look like an easy thing to solve. (And just listing it as a permission on install does not sound right.) Maybe asking the users for permission to do recordings through a tab, and have them set that permission to permanent might be a first steps that can ensure that the user is aware of what will happen. (Assuming that granted permission can then also be used in a pop-up/background process...)
Flags: needinfo?(mjaritz)
Comment 6•7 years ago
|
||
Based on the feedback, I'm going to mark this as approved, with the caveat that whomever decides to take on this bug needs to start by working on the UX problems first.
Priority: -- → P5
Whiteboard: design-decision-needed → design-decision-approved
Reporter | ||
Comment 7•7 years ago
|
||
Hey Andy, I can take it.
Reporter | ||
Updated•7 years ago
|
Assignee: nobody → anatal
Updated•7 years ago
|
Flags: needinfo?(sescalante)
Comment 8•6 years ago
|
||
(In reply to Markus Jaritz [:designakt] (UX) from comment #5)
> As it looks like we will continue expanding what extensions can do and in
> what contexts,
> I think therefor this is a policy questions first.
> Do we treat extensions same as websites, or in what cases is it OK to have
> less control as a user?
Markus, I would like to circle back to this since your last comments came a year ago and a lot has changed in that time. The ability to use gUM from an extension popup or background script still has valid use cases, but also comes with valid UX, security and privacy concerns. Has anything come along that might make this easier to implement?
Flags: needinfo?(mjaritz)
Comment 9•6 years ago
|
||
(In reply to Mike Conca [:mconca] (Denver, CO, USA UTC-6) from comment #8)
>
> Markus, I would like to circle back to this since your last comments came a
> year ago and a lot has changed in that time. The ability to use gUM from an
> extension popup or background script still has valid use cases, but also
> comes with valid UX, security and privacy concerns. Has anything come along
> that might make this easier to implement?
I am not aware of any policy decisions or guidelines of how we should balance user control with ease of use for extensions.
So I would assume we have to still take highest precautions to ensure that the user is aware of the recording.
And this means we have to show the permission dialog, as we do on websites... and this requires a tab, or maybe we could re-use that dialog and hang it off of an extensions icon.
(But for extensions without icon, I worry that this is getting confusing... we already have a few cases where we show a dialog attached to the Firefox menu, instead of the extension icon - but this should not scale to more and more cases.)
(Maybe it is time to consider requiring an icon in the toolbar/overflow for every extensions... as this would make it more transparent what permission connects with what extension)
Possibly something to discuss in our meeting today.
Flags: needinfo?(mjaritz)
Updated•6 years ago
|
Product: Toolkit → WebExtensions
Comment 10•5 years ago
|
||
We are hitting this problem in the Voice Assistant project. I wonder if this approach could work:
- An extension must first request media permissions from a tab. The user must select "Remember this decision". It will be up to the extension to onboard a user and acquire this permission.
- From a popup the extension can request the permission and receive it, if and only if the user has previously given permanent permission. Otherwise the media request is immediately rejected.
- If the permission is rejected from the popup, the extension should open a page and attempt to get the user's permission again.
This doesn't currently work because the media system tries to get the current tab, I believe to update the recording status indicator, but maybe other things. But we could fix those smaller issues and maybe avoid complicated UX changes.
Reporter | ||
Updated•5 years ago
|
Assignee: anatal → nobody
Updated•5 years ago
|
Status: NEW → RESOLVED
Closed: 5 years ago
Resolution: --- → DUPLICATE
You need to log in
before you can comment on or make changes to this bug.
Description
•