New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 593345 link

Starred by 1 user
Status: Duplicate
Merged: issue 442446
Owner:
raymes@chromium.org
OOO until 4th Feb
Closed: Jun 2016
Cc:
finnur@chromium.org
rolfe@chromium.org
benwells@chromium.org
EstimatedDays: ----
NextAction: ----
OS: Windows
Pri: 2
Type: Feature



Sign in to add a comment

Cannot directly edit Location Exceptions

Reported by epicclan...@gmail.com, Mar 9 2016 
UserAgent: Mozilla/5.0 (Windows NT 6.1; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/48.0.2564.116 Safari/537.36

Steps to reproduce the problem:
1. Enter Content Settings -> Location -> Manage Exceptions
2. Cannot enter new exceptions for allow/deny

What is the expected behavior?
Notification Exceptions directly below has a similar screen that allows the user to manually add notification exceptions.  This behavior is expected in the Locations area.

What went wrong?
Trying to write HTML 5 geolocation code to obtain browser's general location, Chrome denies access.  I went to add an exception and discovered that it is impossible.

Did this work before? N/A 

Chrome version: 48.0.2564.116  Channel: stable
OS Version: 6.1 (Windows 7, Windows Server 2008 R2)
Flash Version: Shockwave Flash 20.0 r0

Comment 1 by lgar...@chromium.org, Mar 10 2016

Components: Security>UX
Labels: -Restrict-View-SecurityTeam
Owner: raymes@chromium.org
Status: Assigned (was: Unconfirmed)
We have a bunch of known inconsistencies like that.

Raymes hopefully knows what's up.

Comment 2 by raymes@chromium.org, Mar 10 2016

Cc: finnur@chromium.org rolfe@chromium.org benwells@chromium.org
This will be changing with the material redesign but I still don't think it will allow geolocation exceptions to be added. It would be nice to be consistent across permissions.

Any thoughts rolfe/finnur?

Comment 3 by infe...@chromium.org, Mar 10 2016

Labels: -Type-Bug-Security Type-Feature
Looks like a feature request, not a security vulnerability.

Comment 4 by epicclan...@gmail.com, Mar 10 2016 

It's not a vulnerability, you can remove exceptions manually, just not add them.  As a developer, I would really appreciate the ability to use this line of code without having to actually serve the page:

navigator.geolocation.getCurrentPosition(function(position) { });

I of course do not just want any old .HTML file on my computer to be able to do this as it would be a security concern, so I want to be able to add URL exceptions.  Do you not see the benefit here?

Comment 5 by rolfe@chromium.org, Mar 10 2016 

There's a related bug on this (private right now but finnur@ let me know if you think we can open it up)
https://bugs.chromium.org/p/chromium/issues/detail?id=442446#c12

We talked about how only JavaScript has exception options mocked up and implemented but that it wouldn't be a biggie to add it to other settings. I'm OK with it if anyone wants to build it!

Comment 6 by raymes@chromium.org, Jun 15 2016

Mergedinto: 442446
Status: Duplicate (was: Assigned)

Comment 7 by lafo...@chromium.org, Dec 9 2016

Components: -Security>UX
Labels: Team-Security-UX
Security>UX component is deprecated in favor of the Team-Security-UX label

Sign in to add a comment