Bug 1627035 - Don't reprompt when an allow="*" iframe is actively sharing webrtc. r=jib

Differential Revision: https://phabricator.services.mozilla.com/D71727
2024-10-18 15:55:36 +00:00 · 2020-04-21 16:01:07 +00:00 · 2020-04-21 16:01:07 +00:00 · 4589a65ac7
commit 4589a65ac7
parent 732f1bbcce
2 changed files with 69 additions and 11 deletions
--- a/browser/actors/WebRTCParent.jsm
+++ b/browser/actors/WebRTCParent.jsm
@ -320,7 +320,14 @@ class WebRTCParent extends JSWindowActorParent {
    if (videoDevices.length && sharingScreen) {
      camAllowed = false;
    }
-    if (aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) {
+    // Don't use persistent permissions from the top-level principal
+    // if we're in a cross-origin iframe and permission delegation is not
+    // allowed, or when we're handling a potentially insecure third party
+    // through a wildcard ("*") allow attribute.
+    if (
+      (aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) ||
+      aRequest.secondOrigin
+    ) {
      camAllowed = false;
      micAllowed = false;
    }
@ -441,10 +448,7 @@ function prompt(aActor, aBrowser, aRequest) {
    // If the request comes from a popup, we don't want to show the prompt,
    // but we do want to allow the request if the user previously gave permission.
    if (isPopup) {
-      if (
-        aRequest.secondOrigin ||
-        !aActor.checkRequestAllowed(aRequest, principal, aBrowser)
-      ) {
+      if (!aActor.checkRequestAllowed(aRequest, principal, aBrowser)) {
        aActor.denyRequest(aRequest);
      }
      return;
@ -607,12 +611,7 @@ function prompt(aActor, aBrowser, aRequest) {
      // it is handled synchronously before we add the notification.
      // Handling of ALLOW is delayed until the popupshowing event,
      // to avoid granting permissions automatically to background tabs.
-      // If we have a secondOrigin, it means this request is lacking explicit
-      // trust, and we should always prompt even in with persistent permission.
-      if (
-        !aRequest.secondOrigin &&
-        aActor.checkRequestAllowed(aRequest, principal, aBrowser)
-      ) {
+      if (aActor.checkRequestAllowed(aRequest, principal, aBrowser)) {
        this.remove();
        return true;
      }
--- a/browser/base/content/test/webrtc/browser_devices_get_user_media_in_xorigin_frame.js
+++ b/browser/base/content/test/webrtc/browser_devices_get_user_media_in_xorigin_frame.js
@ -551,6 +551,65 @@ var gTests = [
      await promptNoDelegate("test1.example.com", false, true);
    },
  },
+  {
+    desc:
+      "Don't reprompt while actively sharing in maybe unsafe permission delegation",
+    run: async function checkNoRepromptNoDelegate() {
+      // Check that we get a prompt.
+      let observerPromise = expectObserverCalled("getUserMedia:request");
+      let promise = promisePopupNotificationShown("webRTC-shareDevices");
+      await promiseRequestDevice(true, true, "frame4");
+      await promise;
+      await observerPromise;
+
+      // Check the secondName of the notification should be the third party
+      is(
+        PopupNotifications.getNotification("webRTC-shareDevices").options
+          .secondName,
+        "test1.example.com",
+        "Use third party's origin as secondName"
+      );
+
+      const notification = PopupNotifications.panel.firstElementChild;
+      let indicator = promiseIndicatorWindow();
+      let observerPromise1 = expectObserverCalled(
+        "getUserMedia:response:allow"
+      );
+      let observerPromise2 = expectObserverCalled("recording-device-events");
+      await promiseMessage("ok", () =>
+        EventUtils.synthesizeMouseAtCenter(notification.button, {})
+      );
+      await observerPromise1;
+      await observerPromise2;
+
+      let state = await getMediaCaptureState();
+      is(!!state.audio, true, "expected microphone to be shared");
+      is(!!state.video, true, "expected camera to be shared");
+      await indicator;
+      await checkSharingUI({ audio: true, video: true });
+
+      // Check that we now don't get a prompt.
+      observerPromise = expectObserverCalled("getUserMedia:request");
+      observerPromise1 = expectObserverCalled("getUserMedia:response:allow");
+      observerPromise2 = expectObserverCalled("recording-device-events");
+      promise = promiseMessage("ok");
+      await promiseRequestDevice(true, true, "frame4");
+      await promise;
+      await observerPromise;
+
+      await promiseNoPopupNotification("webRTC-shareDevices");
+      await observerPromise1;
+      await observerPromise2;
+
+      state = await getMediaCaptureState();
+      is(!!state.audio, true, "expected microphone to be shared");
+      is(!!state.video, true, "expected camera to be shared");
+      await checkSharingUI({ audio: true, video: true });
+
+      // Cleanup.
+      await closeStream(false, "frame4");
+    },
+  },
  {
    desc:
      "Prompt and display both first party and third party origin when sharing screen in unsafe permission delegation",