iframe allow (Feature Policy) not working for microphone on onedrive.live.com
Categories
(Core :: DOM: Security, defect)
Tracking
()
People
(Reporter: jscher2000, Unassigned)
References
Details
User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0
Steps to reproduce:
Opened a Word document from OneDrive into the online Word editor (free version). For example: https://1drv.ms/w/s!AusmYpecTBblh22Cxl4WTuiV-ZKc?e=UozU1I
The site created an iframe and loaded an editor. When checking View Frame Info, the editor was hosted on https://word-edit.officeapps.live.com.
The iframe had this attribute:
allow="microphone https://word-edit.officeapps.live.com; camera https://word-edit.officeapps.live.com;"
In the editor, I clicked the Dictate button to engage the speech-to-text feature.
Actual results:
The page displayed an error dialog: "We don’t have access to your microphone. Please check that your browser has permission to use your microphone."
Expected results:
Firefox should have prompted for microphone permission.
Possible clue: the iframe tag does not have a src attribute. I really have no idea how the frame is navigated, or the precise sequence of events, because it's all built by scripts.
Reporter | ||
Updated•4 years ago
|
Comment 1•4 years ago
|
||
Thanks for reporting the problem. Have you tested other browsers as well? We see the same behavior on Chrome as well so we are not entirely sure as of now if it's a Firefox bug per-se or some other problem which we should look into.
Updated•4 years ago
|
Reporter | ||
Comment 2•4 years ago
|
||
(In reply to Christoph Kerschbaumer [:ckerschb] from comment #1)
Thanks for reporting the problem. Have you tested other browsers as well? We see the same behavior on Chrome as well so we are not entirely sure as of now if it's a Firefox bug per-se or some other problem which we should look into.
I had not tested before, but I do see the same behavior in Chrome 85.
I have not installed Chromium Edge to see whether it works in Microsoft's own browser. You would think...
Comment 3•4 years ago
|
||
We're going to have to close this on our end since we'll break other sites worse if we diverge from Chrome to make this work.
Description
•