Add SecureContext and Permission Policy to Gamepad API
Categories
(Core :: DOM: Device Interfaces, enhancement)
Tracking
()
| Tracking | Status | |
|---|---|---|
| firefox91 | --- | fixed |
People
(Reporter: marcos, Assigned: marcos)
References
Details
(Keywords: dev-doc-complete)
Attachments
(1 file)
User Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_6) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/14.0.3 Safari/605.1.15
Steps to reproduce:
Firefox currently exposes the Gamepad API in non-secure contexts and third-party contexts are not restricted to use the API by Permissions Policy.
Expected results:
We should enable SecureContext and Permissions Policy in the appropriate places.
|
||
Comment 1•4 years ago
|
||
The Bugbug bot thinks this bug should belong to the 'Core::DOM: Device Interfaces' component, and is moving the bug to that component. Please revert this change in case you think the bot is wrong.
|
||
Updated•4 years ago
|
Hi :jstutte, looks like daoshengmu's account is disabled, so not sure if he is monitoring/triaging gamepad bugs. Do you know if there is someone else I can ping for review?
|
||
Comment 6•4 years ago
|
||
Hi Marcos, it seems Johann is helping with review, so clearing the ni. Thanks for your support!
Sorry to bother you again, Jens, but I've been able to get Baku's attention on that patch (he needs to approve it - but I know he is super busy on other things and probably just fell of his radar). Would you mind either pinging on Slack or maybe finding me another DOM Peer to approve it?
|
||
Comment 10•3 years ago
|
||
Backed out for causing failures on test_hide_gamepad_info.html
- backout: https://hg.mozilla.org/integration/autoland/rev/b6432025a1f2d24d16ed0c61e8300dd30b2d5375
- push: https://treeherder.mozilla.org/jobs?repo=autoland&selectedTaskRun=CqK_AJTtSZOFsm2PPv8UQQ.0&revision=039d90d5ec6b2d7228a64ed8a0742ab1fa46550c&group_state=expanded
- failure log: https://treeherder.mozilla.org/logviewer?job_id=341505278&repo=autoland&lineNumber=2404
[task 2021-06-02T07:15:17.496Z] 07:15:17 INFO - TEST-START | browser/components/resistfingerprinting/test/mochitest/test_hide_gamepad_info.html
[task 2021-06-02T07:15:18.780Z] 07:15:18 INFO - GECKO(1566) | JavaScript error: http://mochi.test:8888/tests/browser/components/resistfingerprinting/test/mochitest/test_hide_gamepad_info_iframe.html, line 32: TypeError: navigator.getGamepads is not a function
[task 2021-06-02T07:20:37.181Z] 07:20:37 INFO - TEST-INFO | started process screentopng
[task 2021-06-02T07:20:37.358Z] 07:20:37 INFO - TEST-INFO | screentopng: exit 0
[task 2021-06-02T07:20:37.359Z] 07:20:37 INFO - TEST-UNEXPECTED-FAIL | browser/components/resistfingerprinting/test/mochitest/test_hide_gamepad_info.html | Test timed out. -
[task 2021-06-02T07:20:38.191Z] 07:20:38 INFO - Not taking screenshot here: see the one that was previously logged
[task 2021-06-02T07:20:38.192Z] 07:20:38 INFO - TEST-UNEXPECTED-FAIL | browser/components/resistfingerprinting/test/mochitest/test_hide_gamepad_info.html | [SimpleTest.finish()] No checks actually run. (You need to call ok(), is(), or similar functions at least once. Make sure you use SimpleTest.waitForExplicitFinish() if you need it.)
[task 2021-06-02T07:20:38.193Z] 07:20:38 INFO - SimpleTest.ok@SimpleTest/SimpleTest.js:417:16
[task 2021-06-02T07:20:38.194Z] 07:20:38 INFO - afterCleanup@SimpleTest/SimpleTest.js:1571:18
[task 2021-06-02T07:20:38.195Z] 07:20:38 INFO - executeCleanupFunction@SimpleTest/SimpleTest.js:1636:7
[task 2021-06-02T07:20:38.196Z] 07:20:38 INFO - SimpleTest.finish@SimpleTest/SimpleTest.js:1656:3
[task 2021-06-02T07:20:38.197Z] 07:20:38 INFO - killTest@SimpleTest/TestRunner.js:194:22
[task 2021-06-02T07:20:38.202Z] 07:20:38 INFO - GECKO(1566) | MEMORY STAT | vsize 20974723MB | residentFast 614MB
[task 2021-06-02T07:20:38.357Z] 07:20:38 INFO - TEST-OK | browser/components/resistfingerprinting/test/mochitest/test_hide_gamepad_info.html | took 320860ms
|
||
Comment 13•3 years ago
|
||
|
||
Comment 14•3 years ago
|
||
Backed out for causing failures in Event-timestamp-high-resolution.html.
Backout link: https://hg.mozilla.org/integration/autoland/rev/3f28b64ee893c6bf187c64f0d605380fea1a64c3
Failure log: https://treeherder.mozilla.org/logviewer?job_id=341733182&repo=autoland&lineNumber=7659
|
Assignee | |
Comment 16•3 years ago
|
||
Sent another try run, to be safe:
https://treeherder.mozilla.org/#/jobs?repo=try&revision=0dc201ee85cd62c0c84608541604f8cd2fafcecf
If it comes back happy, I'll attempt another merge.
|
|
||
Comment 17•3 years ago
|
||
|
||
Comment 18•3 years ago
|
||
| bugherder | ||
|
||
Comment 20•3 years ago
|
||
Could we back this out from Nightly now so that beta doesn't end up having all the regressions? Or is there some pref to disable?
|
||
Updated•3 years ago
|
|
|
Assignee | |
Comment 21•3 years ago
|
||
We should just use FeaturePolicyValue::eAll for now (gets us back to a good state without backing everything out), then figure out why FeaturePolicyValue::eSelf is not working.
I'll prepare a patch.
|
|
||
Comment 22•3 years ago
|
||
I think it would be better to backout everything in 91.
|
||
Comment 23•3 years ago
|
||
The SecureContext part shouldn't be needed to be backed out, though.
|
|
Assignee | |
Comment 24•3 years ago
|
||
We did a fix via https://bugzilla.mozilla.org/show_bug.cgi?id=1718221 - no need to back out (🤞).
|
|
||
Comment 25•3 years ago
|
||
That one isn't in the beta 91 (yet?).
|
|
Assignee | |
Comment 26•3 years ago
|
||
Not yet. Just confirmed that it should be uplifted to beta: https://bugzilla.mozilla.org/show_bug.cgi?id=1718221#c23
We should probably discuss over there if need be.
|
||
Comment 27•3 years ago
|
||
Documentation for this can be tracked in https://github.com/mdn/content/issues/6723
My understanding is that from FFv91 there will be two changes:
- GamePad will require SecureContext.
- Gamepad will be protected by a FeaturePolicy, with default policy of
*(i.e. unprotected by default). - Prior to this change you could use it in any context it wasn't subject to feature policy.
Is that correct?
I'm a little confused because it looks like the feature policy was added for "self" in FF81? https://bugzilla.mozilla.org/show_bug.cgi?id=1640086\
Can you clarify?
In terms of what a caller sees, is it still as in this hack - ie if protected the navigator.getGamepads() returns an empty array?
So essentially
- Browser compat - update GamePad APIs with the
secure_context_requiredsubfeature,. Would this also affect the extensions to other interfaces?
-Add policy for gamepad to Feature_Policy in browser compat and MDN docs: (e.g. in https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy) - Anything else obvious?
|
|
Assignee | |
Comment 28•3 years ago
|
||
(In reply to Hamish Willee from comment #27)
Documentation for this can be tracked in https://github.com/mdn/content/issues/6723
My understanding is that from FFv91 there will be two changes:
- GamePad will require SecureContext.
- Gamepad will be protected by a FeaturePolicy, with default policy of
*(i.e. unprotected by default).- Prior to this change you could use it in any context it wasn't subject to feature policy.
Is that correct?
That is correct. However, the policy of "all" is temporary.
I'm a little confused because it looks like the feature policy was added for "self" in FF81? https://bugzilla.mozilla.org/show_bug.cgi?id=1640086\
Can you clarify?
The intent was that Gamepad should only be available to "self".
However, for some reason that we've not worked out yet, "self" was buggy, so we reverted "all" for now.
There is cross-browser agreement to move to "self".
In terms of what a caller sees, is it still as in this hack - ie if protected the
navigator.getGamepads()returns an empty array?
correct (though it's not a hack - it's to prevent breakage as the API is over a decade old).
So essentially
- Browser compat - update GamePad APIs with the
secure_context_requiredsubfeature,. Would this also affect the extensions to other interfaces?
Yes.
-Add policy for gamepad to Feature_Policy in browser compat and MDN docs: (e.g. in https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy)
- Anything else obvious?
Yes, but noting that the W3C Spec says this will be "self".
|
|
||
Comment 29•3 years ago
|
||
Thanks Marco. I've updated the docs and BCD in https://github.com/mdn/content/issues/6723#issuecomment-886309101. Some more questions/confirmations:
- Re the discussion above "navigator.getGamepads() returns an empty array?" you indicated it still returns empty array. However the spec and the code now appear to indicate that a call to
navigator.getGamepads()throws an exception instead. Can you clarify which it is? - With respect to noting the spec differences of "self" vs "eall" I have put this in the BCD entry https://github.com/mdn/browser-compat-data/pull/11770 as a note. Still got to discuss it with the BCD people, but that's the right place for spec incompatibilities to be recorded.
- There seems to be a lot of overlap between this change and the Permissions API. Can you confirm whether or not this change also lead to a new permission in that API (I have included one in the BCD before reading more closely and realizing they are probably completely separate).
- I haven't found evidence of Webkit implementation. Chrome seems to be still behind the preference. Do you happen to know if they have implemented this without a preference? (i.e. am I missing evidence that this is released on those platforms too).
|
|
Assignee | |
Comment 30•3 years ago
|
||
Sorry for the delay, Hamish!
(In reply to Hamish Willee from comment #29)
Thanks Marco. I've updated the docs and BCD in https://github.com/mdn/content/issues/6723#issuecomment-886309101. Some more questions/confirmations:
- Re the discussion above "navigator.getGamepads() returns an empty array?" you indicated it still returns empty array. However the spec and the code now appear to indicate that a call to
navigator.getGamepads()throws an exception instead. Can you clarify which it is?
In insecure contexts, this will getGamepads() will throw because it's no longer exposed.
In secure contexts, it should work as expected.
- With respect to noting the spec differences of "self" vs "eall" I have put this in the BCD entry https://github.com/mdn/browser-compat-data/pull/11770 as a note. Still got to discuss it with the BCD people, but that's the right place for spec incompatibilities to be recorded.
Sounds great. I've subscribed, but please ping me if you need anything (@marcoscaceres on GitHub).
I'll take a look at your comments there too.
- There seems to be a lot of overlap between this change and the Permissions API. Can you confirm whether or not this change also lead to a new permission in that API (I have included one in the BCD before reading more closely and realizing they are probably completely separate).
Good point. Actually, I thought I had removed "gamepad' from the Permissions API as it doesn't actually prompt for permission.
I've sent a PR to Permissions API now to remove it.
https://github.com/w3c/permissions/pull/255
- I haven't found evidence of Webkit implementation. Chrome seems to be still behind the preference. Do you happen to know if they have implemented this without a preference? (i.e. am I missing evidence that this is released on those platforms too).
I don't think they have. I'm also waiting to when they are planning to remove the pref (it was supposed to be this month).
|
|
||
Comment 31•3 years ago
|
||
Thanks Marcos! Docs on this are pretty much done. Still waiting on BCD review of the update - question for you there https://github.com/mdn/browser-compat-data/pull/11770#discussion_r679674364 (essentially where is the spec link I can use?).
|
|
||
Updated•3 years ago
|
|
|
||
Comment 32•3 years ago
|
||
We are now in the unfortunate position of shipping this restriction as the only browser even after 6 months.
|
||
Comment 33•9 months ago
•
|
||
Announcement in Hacks:
https://hacks.mozilla.org/2020/07/securing-gamepad-api/
As per comment 32 (but it's now 2.5 years), it's not clear this was a good idea, in any case it basically is just webcompat burn for us at this point:
https://github.com/w3c/gamepad/issues/145
Description
•