Support <iframe allow="camera" allow="microphone"> in sandboxed iframes, or similar

NEW
Unassigned

Status

()

Core
WebRTC: Audio/Video
P2
normal
Rank:
21
2 months ago
a month ago

People

(Reporter: jib, Unassigned)

Tracking

(Depends on: 1 bug, {stale-bug})

Trunk
stale-bug
Points:
---

Firefox Tracking Flags

(firefox57 affected)

Details

Sandboxed iframes need a long-term getUserMedia solution to let sites like stackoverflow, jsbin, codepen, jsfiddle etc. decide whether to let user-provided JavaScript code-snippets/bins/pens/fiddles request camera and microphone access from the (sub-)domain they operate in. Right now these sites can't do this without:

 1. Effectively turning off sandbox protections.

    To illustrate: of the four, only https://jsfiddle.net/jib1/hut751ep/ works in Chrome/Firefox (*) today
    because they use

      iframe.sandbox = "allow-scripts allow-same-origin";

   but it's an unsafe hack, as Firefox points out in web console:

     "An iframe which has both allow-scripts and allow-same-origin for its sandbox attribute can remove
      its sandboxing."

 2. Exposing users to the potentially unsafe option of persistenting permissions across all pages of the
    domain, which is likely too broad, and at best adds confusion about who's asking.

    Related: we do a poor job informing users about whom they're trusting in these cases (bug 1369482).

The rest of this issue is about #1.

FYI Chrome Canary now warns:

  "[Deprecation] getUserMedia (camera) usage in cross-origin iframes is deprecated and will be disabled in M63, around December 2017. To continue to use this feature, it must be enabled by the embedding document using Feature Policy, e.g. <iframe allow="camera" ...>. See https://goo.gl/EuHzyv for more details."

We suspect we'll similarly want to support allow="camera" and allow="microphone" properties on iframes, regardless of whether we end up otherwise adopting the larger Feature Policy spec.

---
*) Side-note on current Firefox iframe behavior: We're similar to Chrome only for camera (we still allow mic), and this happened by accident in 53 (see bug 1367805).
Correction: JSBin works as well as JSFiddle, except for bug 1384800.
(Reporter)

Updated

2 months ago
Rank: 21
Priority: -- → P1
Keywords: stale-bug
Mass change P1->P2 to align with new Mozilla triage process
Priority: P1 → P2
You need to log in before you can comment on or make changes to this bug.