Open Bug 1606362 Opened 5 years ago Updated 4 years ago

Why does gum prompt say "allow jsfiddle.net to give Unknown origin access" on Mac but not Windows?

Categories

(Core :: DOM: Security, defect, P3)

Unspecified
macOS
defect

Tracking

()

People

(Reporter: jib, Unassigned)

References

(Regression)

Details

(Keywords: regression, Whiteboard: [domsecurity-backlog1])

Attachments

(2 files)

Attached image MacOSGumPrompt.png

STRs:

  1. Open https://jsfiddle.net/jib1/pz5pynyf/

Expected result (like on Windows):

  • Will you allow jsfiddle.net to give fiddle.jshell.net access to your camera and microphone?

Actual result (on MacOS 10.15.1):

  • Will you allow jsfiddle.net to give Unknown origin access to your camera and microphone?
Flags: needinfo?(tnguyen)

Looking at this, it would be a corner case I missed.

Assignee: nobody → tnguyen
Status: NEW → ASSIGNED
Priority: -- → P2
Whiteboard: [domsecurity-active]

It works for me, I am using Mac OS 10.14.6, that's weird

Flags: needinfo?(tnguyen)

I don't have 10.15 mac os machine, but a colleague (15.10.2) tried with version 06ac189e2e99a17276f3c79106c836c9bfa8fb37 and it works, can you please try again? I guess there would be another step could cause that.

Flags: needinfo?(jib)

Ah, it turns out I had privacy.firstparty.isolate set to true. Is this expected UX in that case? How should it be handled?

Flags: needinfo?(jib)

I would keep the UX the same, but I have to handle the case privacy.firstparty.isolate.
In that case, the principal origin will be a mix of first-party and third-party and not be a well-formated URL.

Assignee: tnguyen → nobody
Status: ASSIGNED → NEW
Priority: P2 → P3
Whiteboard: [domsecurity-active] → [domsecurity-backlog1]
Severity: normal → S3
Has Regression Range: --- → yes
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Created:
Updated:
Size: