-
Notifications
You must be signed in to change notification settings - Fork 1
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Should top-level transient activation be sufficient for getDisplayMedia()
on cross-origin iframes with allow="display-capture"?
#11
Comments
See also whatwg/html#5129. |
@annevk thanks, but did you mean to link to this one as well? whatwg/html#4364
@karlt I can't think of any case like that.
I think that'd work in our case since getDisplayMedia is the lone feature enabled by Though now I'm curious, can an iframe doc get transient activation without its top-level doc also getting it? |
No, a user interaction in an iframe causes active Windows of all, even cross-origin, ancestor browsing contexts to have their timestamp updated, so all ancestor Windows (including the top-level) always get transient activation when the iframe gets it. |
I cannot think of a case like that. |
"Transient activation" isn't tracked through cc @dtapuska |
For "existing code", quirks can be used as a short term mitigation. |
The proposal here is not to pass the transient activation to a cross-origin frame by |
Let me clarify last few posts here, we are linking two different proposals here:
For the media-capture question raised in this issue, I think the answer depends on what Edit: fixed the Capability Delegation design doc link. |
@mustaqahmed if you could note that in that issue (including a link to the TAG review) that would be appreciated. I cannot open the Capability Delegation document. It would be helpful to understand how it differs from the |
Can you make that document publicly available.
That seems like a good default to me in general. |
Sorry I pasted a wrong link there! The fixed link is here (also fixed above). |
@annevk Let's discuss the new proposal through WICG/capability-delegation. I will close the HTML issue and other (quite a few) untied knots around the old proposal soon. |
Ah okay, so the problem with delegating user activation is that it's too generic. You want to delegate user activation but scoped to a particular API. I like that. |
…r getDisplayMedia() r=jib Backed out changeset 7a50bf09d726 There was no known value in relaxing the activation constraint because it didn't resolve the use case that was thought to have regressed, but apparently didn't. https://bugzilla.mozilla.org/show_bug.cgi?id=1704278#c24 This restores specified behavior, which is similar to Safari. https://github.com/w3c/mediacapture-screen-share/issues/167#issuecomment-821068685 Differential Revision: https://phabricator.services.mozilla.com/D122192
…r getDisplayMedia() r=jib Backed out changeset 7a50bf09d726 There was no known value in relaxing the activation constraint because it didn't resolve the use case that was thought to have regressed, but apparently didn't. https://bugzilla.mozilla.org/show_bug.cgi?id=1704278#c24 This restores specified behavior, which is similar to Safari. https://github.com/w3c/mediacapture-screen-share/issues/167#issuecomment-821068685 Differential Revision: https://phabricator.services.mozilla.com/D122192
This came up when we added the transient activation requirement to Gecko. The data flow affected was "click handler in main document" ->
iframe.contentWindow.postMessage()
-> "getDisplayMedia()
inside iframe". The gesture in the top-level Document does not affect cross-origin descendant Documents.I assume the purpose of the transient activation test is to require a user gesture and the precise location of the user gesture is not important?
If so, then checking for transient activation on the top-level Window instead of on the relevant global object is an option to allow this use case.
Would any host Document want to grant a cross-origin iframe "display-capture" permission but restrict its
getDisplayMedia()
calls to a user gesture specifically on the iframe?The text was updated successfully, but these errors were encountered: