allow=* causes WebRTC permission reprompts when already sharing
Categories
(Firefox :: Site Permissions, defect, P3)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox77 | --- | verified |
People
(Reporter: tobiasgraf87, Assigned: johannh)
References
(Blocks 1 open bug)
Details
Attachments
(3 files)
micophone-access.gif
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
Steps to reproduce:
We run an VOIP Client wich resides in an Iframe, when Im requesting Microfone Permissions it propagates up to the Parent Frame and is requested correctly but the Permission fades away directly after use of the Microfone, with each Call incoming the Microfone permissions has to be requested again and are not stored correctly to the Site.
Actual results:
The Microfone Permissions in an Iframe cannot be stored correctly for the parent page If they use the following Syntax to setup the Iframe.
<iframe
allow="camera; microphone *"
src="http://localhost:9000/"
style="border:2px #000000 solid;"
scrolling="no"
frameborder="1"
marginheight="0px"
marginwidth="0px"
height="800"
width="600"
></iframe>
Expected results:
The Microphone Permissions should be able to remebered. As it does when im requesting the iframe with this syntax.
<iframe
allow="camera; microphone " //<-- note the missing *
src="http://localhost:9000/"
style="border:2px #000000 solid;"
scrolling="no"
frameborder="1"
marginheight="0px"
marginwidth="0px"
height="800"
width="600"
></iframe>
I recently reported an similar bug (it affected the Promt for Microfone Access) but the same Playground is able to reproduce the Issue.
https://github.com/42tg/iframe-allow-microphone
The "Not Working" Frame is only able to request the Permissions temporarily where the "Working" Frame can store the Permissions
|
Reporter | |
Comment 1•6 years ago
|
||
This is related to my previous Bug Report https://bugzilla.mozilla.org/show_bug.cgi?id=1611087
Which was closed as Duplicate from https://bugzilla.mozilla.org/show_bug.cgi?id=1609973
The behaviour that NO PROMT is requested is fixed, but there are still issues with the rights given to the Frame through the Wildcard operator * in the Iframe allow attribute.
|
||
Comment 2•6 years ago
|
||
Hi,
Unfortunately we don't count with the correct environment to run this confirmation test. As first step I'm setting component to Firefox - Site Permissions for someone to take a look at this.
Meanwhile @tobiasgraf87@gmail.com Could you please try this on our latest nightly build? You can download it from here https://nightly.mozilla.org/
Thanks.
|
||
Comment 3•6 years ago
|
||
tobiasgraf87, this is by design as the frame could be navigated and we don't want to let the embedder delegate to a non-enumerable amount of embeddees.
Jan-Ivar, perhaps we could reduce the amount of prompting though for a single session on the same set of origins?
|
Assignee | |
Comment 4•6 years ago
|
||
Usually we wouldn't reprompt with an active WebRTC device and I don't know off-hand why this would be different for allow=*, so I assume this is a bug. I can take a quick look at what's going wrong here but it might be on Jan-Ivar's turf.
|
|
Assignee | |
Comment 5•6 years ago
|
||
We can probably solve this by handling this case a bit smarter: https://searchfox.org/mozilla-central/rev/4d2a9d5dc8f0e65807ee66e2b04c64596c643b7a/browser/actors/WebRTCParent.jsm#613
|
|
Reporter | |
Comment 6•6 years ago
|
||
Hey @Augusto Pace
I testet it with the latest Nightly Build today and it still occurs.
@Johann
I personally think it whould be an improvement when the user only have to accept it once instead of each microphone usage.
But generally I think there is already an error in tge handling from allow="camera; microphone " and allow="camera *; microphone *" which should be the same but behaves differently.
|
||
Comment 7•6 years ago
|
||
Hi Tobias, thanks for reporting this, as there was a small improvement we could make to prompt less often if your page already has an active stream. Johann is on it!
I personally think it whould be an improvement when the user only have to accept it once instead of each microphone usage.
If you remove the * then your users should see the ☑ Remember this decision option in the prompt, and they can use that if they wish.
When you use * then your users will NOT get that option. This is for security reasons and is intentional as Anne mentions in comment 3.
But generally I think there is already an error in tge handling from allow="camera; microphone " and allow="camera *; microphone *" which should be the same but behaves differently.
At Mozilla we're arguing that * has poor security properties that can be exploited by malicious sites to escalate permission.
We encourage sites to remove it, since 99% of the time it's totally unnecessary and safer for users to forgo it.
See https://github.com/w3c/webappsec-feature-policy/issues/348 and e.g. https://github.com/jsfiddle/jsfiddle-issues/issues/1557
Please consider removing the * and spread the word. Thanks!
|
|
Reporter | |
Comment 8•6 years ago
|
||
Hi Jan,
Thanks for that detailed explaination, sadly I'm not in Charge to change the parent frame (salesforce) and I'm only dependant from their will to change it.
But I will try to create an bug report there.
When my users only requested once is better than the current state.
Thanks for your work and stay healthy these days.
|
|
Assignee | |
Comment 9•6 years ago
|
||
(In reply to tobiasgraf87 from comment #8)
Hi Jan,
Thanks for that detailed explaination, sadly I'm not in Charge to change the parent frame (salesforce) and I'm only dependant from their will to change it.But I will try to create an bug report there.
When my users only requested once is better than the current state.
Thanks for your work and stay healthy these days.
So Salesforce is using * attributes for embedding your site? Would you mind sharing which product of theirs does that?
Thank you!
|
|
Reporter | |
Comment 10•6 years ago
|
||
Sure, the Integration I develop is implemented with their Open CTI Interface.
https://developer.salesforce.com/docs/atlas.en-us.api_cti.meta/api_cti/sforce_api_cti_intro.htm
and is embedded with the following attributes
<iframe frameborder="0"
allow="camera *; geolocation *; microphone *; autoplay *"
src="{URL}"
width="100%"
name="sfdcSoftphone"
height="100%"
tabindex="0"
data-aura-rendered-by="1581:0"
class="openctiSoftPhone"
data-aura-class="openctiSoftPhone">
</iframe>
|
|
Reporter | |
Comment 11•5 years ago
|
||
Hey all,
do you have found an solution for the session storage of the Access Right ?
Or is here any new Progress ?
Greetings Tobias
|
|
||
Updated•5 years ago
|
|
|
Assignee | |
Comment 12•5 years ago
|
||
Sorry for the delay on this. Uploading a patch now. :)
|
|
Assignee | |
Comment 13•5 years ago
|
||
|
||
Comment 14•5 years ago
|
||
|
||
Comment 15•5 years ago
|
||
| bugherder | ||
|
|
Reporter | |
Comment 16•5 years ago
|
||
Hi thanks for your efforts.
I try to test this today with the current nightly build, but didn't get an positive result.
When im requesting the permissions in my sandbox it prompt me every time as before. Or do i have to wait another day ?
My Nightly build is 77.0a1 (2020-04-22) (64-bit).
|
|
Assignee | |
Comment 17•5 years ago
|
||
It works fine for me with the testcase on https://github.com/42tg/iframe-allow-microphone on 2020-04-22. Did you make any modifications to that before testing?
|
|
Reporter | |
Comment 18•5 years ago
|
||
Hmm, but it doesnt seems to solve my Problem then, when the permisson fades away im still getting the repromt when I'm clicking the button again.
Wich is not the case in Chrome.
|
|
Assignee | |
Comment 19•5 years ago
|
||
Yeah, this is the main difference in our implementation and again, it's highly recommended to avoid using *.
Not sure if jib or Anne want to add something to that?
|
|
||
Comment 20•5 years ago
|
||
I filed bug 1632474 on that. If the origin is listed in src, we should treat that as safelisted.
There's also a UI bug here, in that we do not include the non-default-port, leading to confusion. I filed bug 1632476 on that.
Appreciate your help here tobiasgraf87!
|
||
Updated•5 years ago
|
|
||
Comment 21•5 years ago
|
||
(In reply to Johann Hofmann [:johannh] from comment #19)
Yeah, this is the main difference in our implementation and again, it's highly recommended to avoid using
*.Not sure if jib or Anne want to add something to that?
Jonathan can you please clarify a bit what can QA can manual test here (in there is need for QA)?
I tried the demo from comment 17 but both old Nightly without the patch and latest Beta 77.0b5 close the mic connection after a few seconds or more for both Inner Frames (Not Working which has * and Working which doesn't).
|
|
Assignee | |
Comment 22•5 years ago
|
||
The test would be that while the sharing is active you're not re-prompted for permission, are you saying that's not possible to test? Note that we landed bug 1632474 in Nightly which will change the mechanism that is applied to that page a bit (the permission is now given to the top-level page), but overall the end result should be the same (no reprompting while sharing).
|
|
||
Comment 23•5 years ago
|
||
Unfortunately I don't get the notification prompt times again after the sharing is active. I allow the mic to be shared the first time but the notification does not prompt again even on old Nightly before the fix here. I tried both demos from both servers with port 3000 and 9000 :( .
Could you please confirm that this is fixed on Latest 77.0b7 Beta build if you reproduced it in the first place?
|
|
Reporter | |
Comment 24•5 years ago
|
||
At 77 the prompt was requested every time.
With https://bugzilla.mozilla.org/show_bug.cgi?id=1632474 it doesnt appear anymore.
|
|
Assignee | |
Comment 25•5 years ago
|
||
Yeah, so comparing with release this seems to work fine for me. On release you get the prompt again while sharing but not on Beta 77.
Description
•