Closed Bug 1626419 Opened 5 years ago Closed 5 years ago

Full Screen menu item doesn't work when the fullscreen API is blocked via HTTP Feature-Policy

Categories

(Core :: DOM: Core & HTML, defect)

Product:
Core
Component:
DOM: Core & HTML
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
RESOLVED FIXED
Milestone:
mozilla76
Tracking Flags:
Tracking Status
firefox76 --- fixed

People

(Reporter: ntim, Assigned: ntim)

References

(
URL
)

Details

Attachments

(1 file)

Bug 1626419 - Move FeaturePolicy check to GetFullscreenError after CallerType check.
47 bytes, text/x-phabricator-request
Details | Review

STR:

  • Open a web page with a feature policy that blocks fullscreen which has a video on it
  • Right click the video
  • Click the "Full screen" menu item

AR:

  • the menu item is enabled, but clicking it doesn't work

Console warning: Request for fullscreen was denied because of FeaturePolicy directives.

ER:
The menu item should either be hidden/disabled, or it should properly work.

We shouldn't support the HTTP header. Did that end up shipping somehow?

Flags: needinfo?(ckerschb)

(In reply to Anne (:annevk) from comment #1)

We shouldn't support the HTTP header. Did that end up shipping somehow?

302 to Johann who is in a better position to answer.

Flags: needinfo?(ckerschb) → needinfo?(jhofmann)

It's enabled in Nightly, apparently. We could consider turning it off in Nightly as well, but that's probably not the point of this bug, since I expect the same thing to happen with allow attributes?

Flags: needinfo?(jhofmann)

Thanks Jared for the testcase!

For the HTTP feature policy case (and allow attributes), I think can add && aCallerType != CallerType::System at https://searchfox.org/mozilla-central/rev/4ccefc3181f9d237ef4ca8bd17b4e7c101ddf7b5/dom/base/Element.cpp#3140

For the "legacy" allowfullscreen attribute, AFAIK we already allow it: https://searchfox.org/mozilla-central/rev/4ccefc3181f9d237ef4ca8bd17b4e7c101ddf7b5/dom/base/Document.cpp#13513-13529

Component: Video/Audio Controls → Security
Product: Toolkit → Core
Component: Security → DOM: Core & HTML
Attachment #9137791 - Attachment description: Bug 1626419 - Move FeaturePolicy check to GetFullscreenError after CallType check. → Bug 1626419 - Move FeaturePolicy check to GetFullscreenError after CallerType check.
Assignee: nobody → ntim.bugs
Status: NEW → ASSIGNED

The product::component has been changed since the backlog priority was decided, so we're resetting it.
For more information, please visit auto_nag documentation.

Priority: P3 → --
Pushed by ntim.bugs@gmail.com: https://hg.mozilla.org/integration/autoland/rev/4c9f5c8ec753 Move FeaturePolicy check to GetFullscreenError after CallerType check. r=emilio
See Also: → 1627134

https://hg.mozilla.org/mozilla-central/rev/4c9f5c8ec753

Status: ASSIGNED → RESOLVED
Closed: 5 years ago
status-firefox76: --- → fixed
Resolution: --- → FIXED
Target Milestone: --- → mozilla76

I filed bug 1627890 on disabling/removing the header code.

You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: