Closed Bug 1663851 Opened 4 years ago Closed 4 years ago

iframe allow (Feature Policy) not working for microphone on onedrive.live.com

Categories

(Core :: DOM: Security, defect)

Product:
Core
Component:
DOM: Security
Version:
80 Branch
Type:
defect

Tracking

()

Status:
RESOLVED WORKSFORME

People

(Reporter: jscher2000, Unassigned)

References

Details

User Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:80.0) Gecko/20100101 Firefox/80.0

Steps to reproduce:

Opened a Word document from OneDrive into the online Word editor (free version). For example: https://1drv.ms/w/s!AusmYpecTBblh22Cxl4WTuiV-ZKc?e=UozU1I

The site created an iframe and loaded an editor. When checking View Frame Info, the editor was hosted on https://word-edit.officeapps.live.com.

The iframe had this attribute:

allow="microphone https://word-edit.officeapps.live.com; camera https://word-edit.officeapps.live.com;"

In the editor, I clicked the Dictate button to engage the speech-to-text feature.

Actual results:

The page displayed an error dialog: "We don’t have access to your microphone. Please check that your browser has permission to use your microphone."

Expected results:

Firefox should have prompted for microphone permission.

Possible clue: the iframe tag does not have a src attribute. I really have no idea how the frame is navigated, or the precise sequence of events, because it's all built by scripts.

Component: Untriaged → DOM: Security
Product: Firefox → Core

Thanks for reporting the problem. Have you tested other browsers as well? We see the same behavior on Chrome as well so we are not entirely sure as of now if it's a Firefox bug per-se or some other problem which we should look into.

Depends on: 1572461
Blocks: 1572461
No longer depends on: 1572461

(In reply to Christoph Kerschbaumer [:ckerschb] from comment #1)

Thanks for reporting the problem. Have you tested other browsers as well? We see the same behavior on Chrome as well so we are not entirely sure as of now if it's a Firefox bug per-se or some other problem which we should look into.

I had not tested before, but I do see the same behavior in Chrome 85.

I have not installed Chromium Edge to see whether it works in Microsoft's own browser. You would think...

We're going to have to close this on our end since we'll break other sites worse if we diverge from Chrome to make this work.

Status: UNCONFIRMED → RESOLVED
Closed: 4 years ago
Resolution: --- → WORKSFORME
You need to log in before you can comment on or make changes to this bug.