1924572 - Temporary permissions don't show up in permissions.query()

Status: RESOLVED FIXED

(Core :: Permission Manager, defect, P2)

Description

[Jan-Ivar Bruaroey [:jib] (needinfo? me)]

Only persisted permissions currently show up in permissions.query() results, due to an internal limitation. This violates spec and makes it difficult for web developers to rely on permissions.query() results, which hurts interop.

Applies to all site permissions exposed via the permissions API that implement temporary permissions (at least: geolocation, microphone, camera)

STR 1 (geolocation granted):

1. Open https://jan-ivar.github.io/dummy/location.html
2. Click the Get geolocation position button + Allow (leave ☐ Remember this decision unchecked)
3. Click the Get geolocation position button again (no prompt because permission is granted)

Expected result:

geolocation query: prompt
Your current position is: XXX x -YYY, more or less 40 meters.
geolocation query: granted
Your current position is: XXX x -YYY, more or less 40 meters.
geolocation query: granted

Actual result:

geolocation query: prompt
Your current position is: XXX x -YYY, more or less 40 meters.
geolocation query: prompt
Your current position is: XXX x -YYY, more or less 40 meters.
geolocation query: prompt

STR 2 (camera blocked):

1. Open https://jan-ivar.github.io/dummy/enumerate_query.html
2. Click the Start Camera! button + Block (leave ☐ Remember for all cameras unchecked)
3. Click the Start Camera! button again (no prompt because permission is blocked)
4. Click the Query! button

Expected result:

Initial: camera = "prompt", microphone = "prompt"
NotAllowedError: The request is not allowed by the user agent or the platform in the current context.
NotAllowedError: The request is not allowed by the user agent or the platform in the current context.
Query: camera = "blocked", microphone = "blocked"

Actual result:

Initial: camera = "prompt", microphone = "prompt"
NotAllowedError: The request is not allowed by the user agent or the platform in the current context.
NotAllowedError: The request is not allowed by the user agent or the platform in the current context.
Query: camera = "prompt", microphone = "prompt"

Note: temporary grants already work for camera & microphone thanks to Firefox's persisted "Always Ask" feature (bug 1609427), but blocks do not.

Comment 1

[steve s]

I'm not sure if this is related, but with Firefox v132.0, the navigator.permissions.query has betrayed me. It says permissions are granted, however enumerating devices fails. As a result, I have to randomly load an audio stream, then enumerate, and only then can I load the saved device.

To replicate, assuming you previously granted permission to a site before:

await navigator.permissions.query({ name: "camera" });
=>
PermissionStatus { name: "camera", state: "granted", onchange: null }
** note that state == "granted"

await navigator.mediaDevices.enumerateDevices()
=>
0: MediaDeviceInfo { deviceId: "", kind: "audioinput", label: "", … }​
1: MediaDeviceInfo { deviceId: "", kind: "videoinput", label: "", … }
** note, no device info is provided

await navigator.mediaDevices.getUserMedia({audio:true, video:false})
=>MediaStream

And then finally,

await navigator.mediaDevices.enumerateDevices()
=>
0: MediaDeviceInfo { deviceId: "Vmj6e3PiuaalSsOrPbIuRcQXlQtkWE3Bsv8/bwd1GDI=", kind: "audioinput", label: "Digital Audio Interface (Cam Link)",
1: MediaDeviceInfo { deviceId: "", kind: "videoinput", label: "", … }

I'm assuming this is a bug related to the OP as I can't imagine this workflow being intentional.

Apologies for the lame contribution, but I hope it still helps.

Comment 2

[Jan-Ivar Bruaroey [:jib] (needinfo? me)]

(In reply to steve s from comment #1)

I'm not sure if this is related, but with Firefox v132.0, the navigator.permissions.query has betrayed me. It says permissions are granted, however enumerating devices fails. As a result, I have to randomly load an audio stream, then enumerate,

Hi steve, sorry for not seeing your message sooner!

Permission is for device access, not enumeration. Sadly, Chrome works differently here still, which is probably the source of the confusion.

Firefox 132 (bug 1916993) turned off legacy enumeration as described in Intent to ship privacy improvements in enumerateDevices().

and only then can I load the saved device.

I'm not sure what you mean by "load the saved device". You should be able to call getUserMedia directly with any deviceId stashed in localStorage, without blocking on either permission or enumeration. Example: https://jsfiddle.net/jib1/qk8och13/

Regarding Firefox's permissions.query behavior and when it returns "granted" this works as intended. See Intent to ship "camera" & "microphone" in permissions.query(). See also this comment.

This bug remains open to track missing work for temporary permissions other than camera and microphone (such as location), as well as camera and microphone on Android for reasons explained in bug 1902460 comment 6.

Hope that helps.

Comment 4

[Emma Zühlcke [:emz]]

Attachment: Bug 1924572 - Move temporary permissions from SitePermissions.sys.mjs into PermissionManager. r=#permissions!

Implement browser-scoped (per-tab) temporary permissions in the C++
PermissionManager, replacing the JS TemporaryPermissions WeakMap in
SitePermissions.sys.mjs. Permissions are keyed by BrowserId, which is stable
across BrowsingContext replacements. SitePermissions.sys.mjs becomes a thin
wrapper over the new nsIPermissionManager APIs.

Comment 5

[Emma Zühlcke [:emz]]

Attachment: Bug 1924572 - Add tests for browser-scoped temporary permissions in PermissionManager. r=#permissions!

Add xpcshell tests covering the new C++ browser-scoped permission manager
methods. Update existing SitePermissions and browser tests for the new API.

Comment 6

[Phabricator Automation]

Comment on attachment 9552801 [details]
Bug 1924572 - Move temporary permissions from SitePermissions.sys.mjs into PermissionManager. r=#permissions!

Revision D287657 was moved to bug 2023237. Setting attachment 9552801 [details] to obsolete.

Comment 7

[Phabricator Automation]

Comment on attachment 9552802 [details]
Bug 1924572 - Add tests for browser-scoped temporary permissions in PermissionManager. r=#permissions!

Revision D287658 was moved to bug 2023237. Setting attachment 9552802 [details] to obsolete.

Comment 8

[Emma Zühlcke [:emz]]

Attachment: Bug 1924572 - Expose browser-scoped temporary permissions to the Permissions API. r=#permissions!

Forward browser-scoped permissions to child processes via PContent IPC so that
navigator.permissions.query() and PermissionStatus.onchange reflect temporary
permission state. Integrate with PermissionDelegateHandler for cross-process
iframe delegation.

Comment 9

[Pulsebot]

Pushed by ezuehlcke@mozilla.com:
https://github.com/mozilla-firefox/firefox/commit/3ad2afba6df8
https://hg.mozilla.org/integration/autoland/rev/215d77a1487a
Expose browser-scoped temporary permissions to the Permissions API. r=permissions-reviewers,timhuang

Comment 10

[Sandor Molnar[:smolnar]]

https://hg.mozilla.org/mozilla-central/rev/215d77a1487a

Comment 11

[Emma Zühlcke [:emz]]

Release Note Request (optional, but appreciated)
[Why is this notable]: Temporary permissions are now correctly reflected in the permissions API. Temporary permissions get set when users grant or deny site permissions without checking the "remember" checkbox. This change is important for web compatibility. Sites rely on the permissions API to query the correct permission state. It also closes a spec-gap.
[Affects Firefox for Android]: No, Fenix does not have temporary permission state IIRC.
[Suggested wording]: Temporary site permissions are now correctly reflected in the Permissions API.
[Links (documentation, blog post, etc)]: -

Comment 12

[Ryan VanderMeulen [:RyanVM]]

Thanks, added to the Fx151 nightly release notes, please allow 30 minutes for the site to update.
Keeping the relnote-firefox flag as ? to keep it on the radar for inclusion in the final Fx151 release notes.