New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 683938 link

Starred by 5 users

Issue metadata

Status: Fixed
Owner:
Last visit > 30 days ago
Closed: Jan 2017
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: All
Pri: 1
Type: Bug

Blocked on:
issue 625044

Blocking:
issue 704650



Sign in to add a comment

Cross-origin restriction on vibration may prevent some legitimate use cases

Project Member Reported by rbyers@chromium.org, Jan 23 2017

Issue description

In  issue 625044  we disabled all vibration in cross-origin iframes.  Although rare, we now believe there are some legitimate use cases where this could be enabled by default (without requiring a feature-policy opt-in), while preserving most of the value of the intervention.

Public standards discussion is here: https://github.com/WICG/interventions/issues/25

binlu@ is working on a particular mitigation to allow vibration after the frame has received a user gesture here: https://codereview.chromium.org/2642263006/

 

Comment 1 by rbyers@chromium.org, Jan 23 2017

Moving implementation discussion of the changes under consideration from here https://github.com/WICG/interventions/issues/25#issuecomment-274570411:

> Do you mean that Chrome Canary (by the way, nice name from Spanish Islands :-) will serve us just to make tests with our test content so we can give you feedback about how it works? This mean that those tests will serve to define if such solution can be a possible solution for Chrome V.57 release?

At this stage our plan is to land this change in Canary, and (barring any surprise problems) merge it back to the Chrome 57 branch so that it will be included in the Chrome 57 dev, beta and ultimately stable releases.  So even without any further feedback, I expect (but cannot promise) that this change will go into Chrome 57.

But it would definitely be a good idea to verify ASAP that it is indeed working correctly for your use cases as we discussed.  Eg. you can modify your player to have a 'tap to enable haptic feedback' button, and once tapped 'navigator.vibrate' begins working and returning 'true' again for the lifetime of the iframe. 

> Another question: Will you give us any tests specification previously to those test or do we have to define them according to our criteria?

Bin's change includes our own test which basically does what I've said above - taps on a cross-origin iframe and verifies that vibration is permitted afterward.

Project Member

Comment 2 by bugdroid1@chromium.org, Jan 24 2017

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/8f4a5209d0e6306060e901f89f345517e0df6219

commit 8f4a5209d0e6306060e901f89f345517e0df6219
Author: binlu <binlu@google.com>
Date: Tue Jan 24 03:38:36 2017

Allow vibrate in cross-origin iframes with user gesture.

This is to fix the issue of breaking some use cases of vibrate in
cross-origin iframes. Once the iframe has ever received a user gesture,
it will be allowed to call vibrate.

See more context:
https://github.com/WICG/interventions/issues/25

BUG= 683938 

Review-Url: https://codereview.chromium.org/2642263006
Cr-Commit-Position: refs/heads/master@{#445631}

[add] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/resources/cross-origin-iframe-for-vibrate-with-user-gesture-allowed.html
[modify] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_blocked-expected.txt
[modify] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_blocked.html
[add] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_with_user_gesture_allowed-expected.txt
[add] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_with_user_gesture_allowed.html
[modify] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_same_origin_iframe_allowed-expected.txt
[modify] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_same_origin_iframe_allowed.html
[modify] https://crrev.com/8f4a5209d0e6306060e901f89f345517e0df6219/third_party/WebKit/Source/modules/vibration/NavigatorVibration.cpp

Comment 3 by bi...@google.com, Jan 24 2017

Labels: Merge-Request-57
Request to merge the patch in comment #2 into M57, to enable some use cases which we believe are legitimate but currently blocked by the intervention in  issue 625044 .
Project Member

Comment 4 by sheriffbot@chromium.org, Jan 25 2017

Labels: -Merge-Request-57 Hotlist-Merge-Approved Merge-Approved-57
Your change meets the bar and is auto-approved for M57. Please go ahead and merge the CL to branch 2987 manually. Please contact milestone owner if you have questions.
Owners: amineer@(clank), cmasso@(bling), ketakid@(cros), govind@(desktop)

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
Project Member

Comment 5 by bugdroid1@chromium.org, Jan 25 2017

Labels: -merge-approved-57 merge-merged-2987
The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba

commit ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba
Author: Rick Byers <rbyers@chromium.org>
Date: Wed Jan 25 21:14:22 2017

Allow vibrate in cross-origin iframes with user gesture.

This is to fix the issue of breaking some use cases of vibrate in
cross-origin iframes. Once the iframe has ever received a user gesture,
it will be allowed to call vibrate.

See more context:
https://github.com/WICG/interventions/issues/25

BUG= 683938 

Review-Url: https://codereview.chromium.org/2642263006
Cr-Commit-Position: refs/heads/master@{#445631}
(cherry picked from commit 8f4a5209d0e6306060e901f89f345517e0df6219)

Review-Url: https://codereview.chromium.org/2654133003 .
Cr-Commit-Position: refs/branch-heads/2987@{#95}
Cr-Branched-From: ad51088c0e8776e8dcd963dbe752c4035ba6dab6-refs/heads/master@{#444943}

[add] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/resources/cross-origin-iframe-for-vibrate-with-user-gesture-allowed.html
[modify] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_blocked-expected.txt
[modify] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_blocked.html
[add] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_with_user_gesture_allowed-expected.txt
[add] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_cross_origin_iframe_with_user_gesture_allowed.html
[modify] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_same_origin_iframe_allowed-expected.txt
[modify] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/LayoutTests/http/tests/security/vibrate_in_same_origin_iframe_allowed.html
[modify] https://crrev.com/ca1fbefb12a1ac5ef98a739e9659a8e0c1e976ba/third_party/WebKit/Source/modules/vibration/NavigatorVibration.cpp

Comment 6 by rbyers@chromium.org, Jan 25 2017

Status: Fixed (was: Started)
I verified the current Chrome for Android Canary build (58.0.2992.0) has this fix.
https://play.google.com/store/apps/details?id=com.chrome.canary&hl=en

Simple test page: http://output.jsbin.com/murono
Vibrations only occur after tapping on the iframe.

Comment 7 by rbyers@chromium.org, Jan 25 2017

And (for search) - when vibration is disallowed you'll now get the following error on the console (and navigator.vibrate will return false):

Blocked call to navigator.vibrate inside a cross-origin iframe because the frame has never been activated by the user: https://www.chromestatus.com/feature/5682658461876224.

Comment 8 by rbyers@chromium.org, Mar 27 2017

Blocking: 704650

Sign in to add a comment