Closed Bug 917544 Opened 9 years ago Closed 8 years ago

getUserMedia access on the web on Firefox OS persists permissions in the session, but shouldn't be

Categories

(Core :: WebRTC, defect)

ARM
Gonk (Firefox OS)
defect
Not set
normal

Tracking

VERIFIED FIXED
mozilla27
blocking-b2g koi+
Tracking Status
firefox25 --- wontfix
firefox26 --- fixed
firefox27 --- fixed
b2g-v1.2 --- fixed

People

(Reporter: jsmith, Assigned: schien)

Attachments

(1 file, 1 obsolete file)

Build: 9/17/2013 Master
Device: Inari

STR

1. Go to http://mozilla.github.io/webrtc-landing/gum_test.html
2. Select Audio
3. Grant permissions when the perm prompt appears
4. Reload the page
5. Select Audio

Expected

A permission prompt should appear asking for access to your microphone.

Actual

The website is immediately granted access to your microphone. This means we persisted the permissions in the session we granted previously to grant access to the microphone. This is bad for getUserMedia because that's a violation of privacy given that a site then has the ability to ask upfront, kill capture, and silently enable capture later when the user does not expect it. We need to disable session persistence for getUserMedia permissions.
Blocks: 894848
blocking-b2g: --- → koi?
Blocks: b2g-getusermedia
No longer blocks: 894848
The permission should not be persistent for the browser session.
Assignee: nobody → schien
blocking-b2g: koi? → koi+
The permission request on Firefox OS has only two behaviors, remember it permanently or remember it for a session. Providing "not remember" behavior for audio/video capturing permission should do the trick.
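
A minimal model of the "not remember" behavior proposed above, as an added example that is not part of this bug or of the Gecko code. The class, method and origin names are assumptions; only `PERMISSION_NO_SESSION` mirrors the name used in the patch.

```javascript
// Simplified, hypothetical model of a permission prompt's "remember" logic.
// Not Gecko code: only PERMISSION_NO_SESSION mirrors a name from the patch.
const ALLOW = "allow", PROMPT = "prompt";

// Permission types whose grant must not be kept for the session.
const PERMISSION_NO_SESSION = ["audio-capture"];

class PermissionStore {
  constructor() {
    this.permanent = new Map(); // user chose to remember permanently
    this.session = new Map();   // dropped when the session ends
  }
  key(origin, type) { return origin + "|" + type; }

  // Decide what happens when a page at `origin` requests `type`.
  check(origin, type) {
    const k = this.key(origin, type);
    if (this.permanent.has(k)) return this.permanent.get(k);
    // Ignore session entries for no-session types even if one was
    // recorded by an older code path (defence in depth).
    if (!PERMISSION_NO_SESSION.includes(type) && this.session.has(k)) {
      return this.session.get(k);
    }
    return PROMPT;
  }

  // Record the user's answer to the prompt.
  record(origin, type, decision, rememberPermanently) {
    const k = this.key(origin, type);
    if (rememberPermanently) {
      this.permanent.set(k, decision);
    } else if (!PERMISSION_NO_SESSION.includes(type)) {
      this.session.set(k, decision);
    }
    // Otherwise the grant is one-shot and nothing is stored.
  }
}

// Replays the steps to reproduce: request, grant, reload, request again.
function replay(type) {
  const store = new PermissionStore();
  const origin = "https://example.test"; // constructed origin
  const first = store.check(origin, type);
  store.record(origin, type, ALLOW, false); // granted without "remember"
  const second = store.check(origin, type); // same session, after reload
  return [first, second];
}
```

`replay("audio-capture")` prompts on both requests, while a type outside the list, such as `"geolocation"`, is allowed silently on the second request.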
Not remember audio-capture permission in a session.
Attachment #810366 - Flags: feedback?(fabrice)
Comment on attachment 810366 [details] [diff] [review]
not-session-for-audio-capture-permission.patch

Review of attachment 810366 [details] [diff] [review]:
-----------------------------------------------------------------

r=me with comments addressed.

::: b2g/components/ContentPermissionPrompt.js
@@ +13,5 @@
>  const Cu = Components.utils;
>  const Cc = Components.classes;
>  
>  const PROMPT_FOR_UNKNOWN = ["geolocation", "desktop-notification", "audio-capture"];
> +const PERMISSION_NO_SESSION = ["audio-capture"];
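
Review bot: PERMISSION_NO_SESSION on the added line lists only "audio-capture", while the bug discussion talks about audio/video capturing. If a video capture permission type is, or will be, requested through this prompt, it needs to be in this array as well; otherwise please state in the comment above the constant why audio alone is covered. Since "audio-capture" now appears in both PROMPT_FOR_UNKNOWN and PERMISSION_NO_SESSION, that comment should also say that the two lists are independent, so a later edit to one is not assumed to update the other.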

nit: can you align both '=' and check the 80 chars limit?
Also, add comments to explain what this is used for.
Attachment #810366 - Flags: feedback?(fabrice) → review+
Update patch according to review comment, carry r+.
Attachment #810366 - Attachment is obsolete: true
Attachment #810915 - Flags: review+
https://hg.mozilla.org/mozilla-central/rev/b8e4e12a91d9
Status: NEW → RESOLVED
Closed: 8 years ago
Resolution: --- → FIXED
Target Milestone: --- → mozilla27
Keywords: verifyme
QA Contact: jsmith
lgtm - I'm seeing the prompt reappear upon multiple gUM requests in an app/browser & across reloads.
Status: RESOLVED → VERIFIED
Keywords: verifyme