Require recent user gesture for getDisplayMedia() again
Categories
(Core :: WebRTC: Audio/Video, defect, P2)
Tracking
()
People
(Reporter: karlt, Assigned: karlt)
References
(Depends on 1 open bug, Regression, )
Details
(Keywords: regression)
Attachments
(5 files)
+++ This bug was initially created as a clone of Bug #1679735 +++
"triggered by user activation" seems to have been the intention of "called from a user gesture handler", but sticky activation is what was implemented.
The spec has since loosened from "triggered by" to "transient activation".
If bug 1557174 is not fixed, then we'd need to also require the gesture there for any security benefits.
|
Assignee | |
Comment 1•4 years ago
|
||
Consider supporting top-level activation for cross-origin iframes with allow="display-capture".
The purpose of the transient activation test is to require a user gesture and the precise location of the user gesture is not important.
There is precedent in Gecko for using toplevel activation, in media autoplay. "allowed to play" is user-agent determined.
This would need some adjustment to HasValidTransientUserGestureActivation() to support out of process use.
Would any host sites want to grant an iframe "display-capture" permission but restrict its getDisplayMedia() calls to a user gesture specifically on the cross-origin iframe?
|
||
Comment 2•4 years ago
|
||
|
|
Assignee | |
Updated•4 years ago
|
|
||
Updated•3 years ago
|
|
||
Updated•3 years ago
|
|
|
||
Updated•3 years ago
|
|
|
Assignee | |
Updated•3 years ago
|
|
|
Assignee | |
Comment 3•3 years ago
|
||
|
|
Assignee | |
Comment 4•3 years ago
|
||
Backed out changeset 7a50bf09d726
There was no known value in relaxing the activation constraint because it
didn't resolve the use case that was thought to have regressed, but apparently
didn't. https://bugzilla.mozilla.org/show_bug.cgi?id=1704278#c24
This restores specified behavior, which is similar to Safari.
https://github.com/w3c/mediacapture-screen-share/issues/167#issuecomment-821068685
|
|
Assignee | |
Comment 5•3 years ago
|
||
for consistency with getDisplayMedia().
System callers are trusted to be excluded from the requirement.
The exclusion may not be strictly necessary for capture previews, but removes
any doubt and simplifies testing.
Depends on D122192
|
|
Assignee | |
Comment 6•3 years ago
|
||
This never needed to be called directly from a handler, though a
(potentially async) call should at least be triggered by a handler.
https://hg.mozilla.org/mozilla-central/rev/4d512fa7b071#l1.19
Depends on D122193
|
|
Assignee | |
Comment 7•3 years ago
|
||
No behavior changes.
Depends on D123559
|
|
Assignee | |
Comment 8•3 years ago
|
||
This constraint does not exist.
https://hg.mozilla.org/mozilla-central/rev/49e5c7d46ea0cd9515d292131259ac539652ce2b#l6.25
Depends on D123560
|
||
Comment 9•3 years ago
|
||
| bugherder | ||
https://hg.mozilla.org/mozilla-central/rev/e718e6c8bf0e
https://hg.mozilla.org/mozilla-central/rev/3d86317782d2
|
|
||
Comment 10•3 years ago
|
||
Since the status are different for nightly and release, what's the status for beta?
For more information, please visit auto_nag documentation.
|
||
Updated•3 years ago
|
|
||
Comment 11•3 years ago
|
||
Pushed by ktomlinson@mozilla.com: https://hg.mozilla.org/integration/autoland/rev/056185440c81 loosen message on failure to meet getDisplayMedia() user activation requirement r=jib https://hg.mozilla.org/integration/autoland/rev/865e8b4ab40e use more restrictive variable declarations r=jib https://hg.mozilla.org/integration/autoland/rev/d9e75cc820bc Remove spurious mozMediaSource media track constraint from tests r=jib
|
||
Comment 12•3 years ago
|
||
| bugherder | ||
|
|
Assignee | |
Updated•3 years ago
|
|
||
Updated•3 years ago
|
Description
•