Closed Bug 917544 Opened 12 years ago Closed 12 years ago

getUserMedia access on the web on Firefox OS persists permissions in the session, but shouldn't be

Categories

(Core :: WebRTC, defect)

Product:
Core
Component:
WebRTC
Platform:
ARM
Gonk (Firefox OS)
Type:
defect
Priority:
Not set
Severity:
normal

Tracking

()

Status:
VERIFIED FIXED
Milestone:
mozilla27
Project Flags:
blocking-b2g koi+
Tracking Flags:
Tracking Status
firefox25 --- wontfix
firefox26 --- fixed
firefox27 --- fixed
b2g-v1.2 --- fixed

People

(Reporter: jsmith, Assigned: schien)

References

Details

Attachments

(1 file, 1 obsolete file)

not-session-for-audio-capture-permission.patch
2.21 KB, patch
schien
: review+
Details | Diff | Splinter Review
Build: 9/17/2013 Master Device: Inari STR 1. Go to http://mozilla.github.io/webrtc-landing/gum_test.html 2. Select Audio 3. Grant permissions when the perm prompt appears 4. Reload the page 5. Select Audio Expected A permission prompt should appear asking for access to your microphone. Actual The website is immediately granted access to your microphone. This means we persisted the permissions in the session we granted previously to grant access to the microphone. This is bad for getUserMedia because that's a violation of privacy given that a site then has the ability to ask upfront, kill capture, and silently enable capture later when the user does not expect it. We need to disable session persistence for getUserMedia permissions.
Blocks: 894848
blocking-b2g: --- → koi?
Blocks: b2g-getusermedia
No longer blocks: 894848
The permission should not be persistent for the browser session.
Assignee: nobody → schien
blocking-b2g: koi? → koi+
The permission request on Firefox OS has only two behaviors, remember it permanently or remember it for a session. Providing "not remember" behavior for audio/video capturing permission should do the trick.
Not remember audio-capture permission in a session.
Attachment #810366 - Flags: feedback?(fabrice)
Comment on attachment 810366 [details] [diff] [review] not-session-for-audio-capture-permission.patch Review of attachment 810366 [details] [diff] [review]: ----------------------------------------------------------------- r=me with comments addressed. ::: b2g/components/ContentPermissionPrompt.js @@ +13,5 @@ > const Cu = Components.utils; > const Cc = Components.classes; > > const PROMPT_FOR_UNKNOWN = ["geolocation", "desktop-notification", "audio-capture"]; > +const PERMISSION_NO_SESSION = ["audio-capture"]; nit: can you align both '=' and check the 80 chars limit? Also, add comments to explain what this is used for.
Comment on attachment 810366 [details] [diff] [review] not-session-for-audio-capture-permission.patch Review of attachment 810366 [details] [diff] [review]: ----------------------------------------------------------------- r=me with comments addressed. ::: b2g/components/ContentPermissionPrompt.js @@ +13,5 @@ > const Cu = Components.utils; > const Cc = Components.classes; > > const PROMPT_FOR_UNKNOWN = ["geolocation", "desktop-notification", "audio-capture"]; > +const PERMISSION_NO_SESSION = ["audio-capture"]; nit: can you align both '=' and check the 80 chars limit? Also, add comments to explain what this is used for.
Attachment #810366 - Flags: feedback?(fabrice) → review+
Update patch according to review comment, carry r+.
Attachment #810366 - Attachment is obsolete: true
Attachment #810915 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/b8e4e12a91d9
Status: NEW → RESOLVED
Closed: 12 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Keywords: verifyme
QA Contact: jsmith
lgtm - I'm seeing the prompt reappear upon multiple gUM requests in an app/browser & across reloads.
Status: RESOLVED → VERIFIED
Keywords: verifyme
You need to log in before you can comment on or make changes to this bug.

Attachment

General

Creator:
Created:
Updated:
Size: