mirror of
https://github.com/mozilla/gecko-dev.git
synced 2024-10-18 15:55:36 +00:00
Bug 1627035 - Don't reprompt when an allow="*" iframe is actively sharing webrtc. r=jib
Differential Revision: https://phabricator.services.mozilla.com/D71727
This commit is contained in:
parent
732f1bbcce
commit
4589a65ac7
@ -320,7 +320,14 @@ class WebRTCParent extends JSWindowActorParent {
|
||||
if (videoDevices.length && sharingScreen) {
|
||||
camAllowed = false;
|
||||
}
|
||||
if (aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) {
|
||||
// Don't use persistent permissions from the top-level principal
|
||||
// if we're in a cross-origin iframe and permission delegation is not
|
||||
// allowed, or when we're handling a potentially insecure third party
|
||||
// through a wildcard ("*") allow attribute.
|
||||
if (
|
||||
(aRequest.isThirdPartyOrigin && !aRequest.shouldDelegatePermission) ||
|
||||
aRequest.secondOrigin
|
||||
) {
|
||||
camAllowed = false;
|
||||
micAllowed = false;
|
||||
}
|
||||
@ -441,10 +448,7 @@ function prompt(aActor, aBrowser, aRequest) {
|
||||
// If the request comes from a popup, we don't want to show the prompt,
|
||||
// but we do want to allow the request if the user previously gave permission.
|
||||
if (isPopup) {
|
||||
if (
|
||||
aRequest.secondOrigin ||
|
||||
!aActor.checkRequestAllowed(aRequest, principal, aBrowser)
|
||||
) {
|
||||
if (!aActor.checkRequestAllowed(aRequest, principal, aBrowser)) {
|
||||
aActor.denyRequest(aRequest);
|
||||
}
|
||||
return;
|
||||
@ -607,12 +611,7 @@ function prompt(aActor, aBrowser, aRequest) {
|
||||
// it is handled synchronously before we add the notification.
|
||||
// Handling of ALLOW is delayed until the popupshowing event,
|
||||
// to avoid granting permissions automatically to background tabs.
|
||||
// If we have a secondOrigin, it means this request is lacking explicit
|
||||
// trust, and we should always prompt even in with persistent permission.
|
||||
if (
|
||||
!aRequest.secondOrigin &&
|
||||
aActor.checkRequestAllowed(aRequest, principal, aBrowser)
|
||||
) {
|
||||
if (aActor.checkRequestAllowed(aRequest, principal, aBrowser)) {
|
||||
this.remove();
|
||||
return true;
|
||||
}
|
||||
|
@ -551,6 +551,65 @@ var gTests = [
|
||||
await promptNoDelegate("test1.example.com", false, true);
|
||||
},
|
||||
},
|
||||
{
|
||||
desc:
|
||||
"Don't reprompt while actively sharing in maybe unsafe permission delegation",
|
||||
run: async function checkNoRepromptNoDelegate() {
|
||||
// Check that we get a prompt.
|
||||
let observerPromise = expectObserverCalled("getUserMedia:request");
|
||||
let promise = promisePopupNotificationShown("webRTC-shareDevices");
|
||||
await promiseRequestDevice(true, true, "frame4");
|
||||
await promise;
|
||||
await observerPromise;
|
||||
|
||||
// Check the secondName of the notification should be the third party
|
||||
is(
|
||||
PopupNotifications.getNotification("webRTC-shareDevices").options
|
||||
.secondName,
|
||||
"test1.example.com",
|
||||
"Use third party's origin as secondName"
|
||||
);
|
||||
|
||||
const notification = PopupNotifications.panel.firstElementChild;
|
||||
let indicator = promiseIndicatorWindow();
|
||||
let observerPromise1 = expectObserverCalled(
|
||||
"getUserMedia:response:allow"
|
||||
);
|
||||
let observerPromise2 = expectObserverCalled("recording-device-events");
|
||||
await promiseMessage("ok", () =>
|
||||
EventUtils.synthesizeMouseAtCenter(notification.button, {})
|
||||
);
|
||||
await observerPromise1;
|
||||
await observerPromise2;
|
||||
|
||||
let state = await getMediaCaptureState();
|
||||
is(!!state.audio, true, "expected microphone to be shared");
|
||||
is(!!state.video, true, "expected camera to be shared");
|
||||
await indicator;
|
||||
await checkSharingUI({ audio: true, video: true });
|
||||
|
||||
// Check that we now don't get a prompt.
|
||||
observerPromise = expectObserverCalled("getUserMedia:request");
|
||||
observerPromise1 = expectObserverCalled("getUserMedia:response:allow");
|
||||
observerPromise2 = expectObserverCalled("recording-device-events");
|
||||
promise = promiseMessage("ok");
|
||||
await promiseRequestDevice(true, true, "frame4");
|
||||
await promise;
|
||||
await observerPromise;
|
||||
|
||||
await promiseNoPopupNotification("webRTC-shareDevices");
|
||||
await observerPromise1;
|
||||
await observerPromise2;
|
||||
|
||||
state = await getMediaCaptureState();
|
||||
is(!!state.audio, true, "expected microphone to be shared");
|
||||
is(!!state.video, true, "expected camera to be shared");
|
||||
await checkSharingUI({ audio: true, video: true });
|
||||
|
||||
// Cleanup.
|
||||
await closeStream(false, "frame4");
|
||||
},
|
||||
},
|
||||
{
|
||||
desc:
|
||||
"Prompt and display both first party and third party origin when sharing screen in unsafe permission delegation",
|
||||
|
Loading…
Reference in New Issue
Block a user