calling clear() on the camera contentSetting will also clear microphone and location settings.
Reported by
rglee...@londontrustmedia.com,
Mar 10 2017
|
|||||||||||||||||
Issue descriptionUserAgent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_12_3) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/57.0.2987.98 Safari/537.36 Steps to reproduce the problem: 1. Create a new extension. 2. from a background script, block access to camera (all URLs). 3. from a background script, block access to location (all URLs). 3. from a background script, block access to microphone (all URLs). 4. visit https://github.com 5. click "Secure" beside the address, observe all three items are blocked. 6. open a browserAction popup that will clear the camera's content setting. 7. click "Secure" again, and notice that in addition to clearing the camera content setting the location and microphone content setting was also clear. What is the expected behavior? expected behaviour is only camera content rules are changed. What went wrong? clearing the camera's content settings also clears location and microphone content settings. Did this work before? N/A Does this work in other browsers? N/A Chrome version: 57.0.2987.98 Channel: stable OS Version: OS X 10.12.3 Flash Version:
,
Mar 20 2017
rgleeson@ could you please respond to the comment #1 Thank You...
,
Mar 20 2017
Hi everyone, I will try to create a reproduction extension when I have the free time.
,
Mar 20 2017
Thank you for providing more feedback. Adding requester "brajkumar@chromium.org" to the cc list and removing "Needs-Feedback" label. For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot
,
Mar 20 2017
Hi everyone, Attached is an extension that reproduces the issue. To reproduce with this extension: 1) Load the extension 2) go to https://www.google.com, and click "Secure" beside address bar. 3) Observe microphone, camera, and location access is blocked. 4) Click browser action icon, click link. 5) click "Secure" beside address bar, and observe that microphone+camera+location are no longer blocked. The expected behaviour is that microphone.clear() does not clear the content settings for the camera + location.
,
Mar 20 2017
,
Mar 20 2017
,
Mar 21 2017
This looks like an issue with the extensions ContentSetting API? Seems like the content setting clearing is a bit overzealous. +rdevlin
,
Mar 30 2017
Able to reproduce the issue on the latest canary(59.0.3056.0), stable(57.0.2987.133) on Windows-10, Linux Ubuntu 14.04 as well as per the test steps in C#5. Similar behavior is seen on older chrome version: 54.0.2786.0. Versions prior to that(50.0.2624.0 showed no microphone/camera/location access even after step 4). Marking this as Untriaged for more inputs on this.
,
Sep 6 2017
msramek: ownership is a bit unclear but I think you have dealt more with issues in this API in the past? Do you want to take a look?
,
Sep 6 2017
As far as I know it's still an issue. I've implemented a manual workaround, where when camera.clear() is called i recall microphone.block() and so on. So I have to manually track the status of each content setting, then reapply rules when one of them is cleared.
,
Sep 7 2017
I did some quick testing. The deletion happens in ContentSettingsStore::ClearContentSettingsForExtension(). This method does not have the concept of "content type" (this information is explicitly thrown away by the caller ContentSettingsContentSettingClearFunction::Run) and ContentSettingsStore is always on the same memory address. So yes, all calls to clear() necessarily delete all extension-sourced content settings. I'll look into fixing this, but I'm puzzled because the way the code is written, it looks pretty deliberate.
,
Dec 11 2017
CCing myself on this issue.
,
Aug 1
,
Aug 6
+mgalonsky@, this is the bug I was mentioning to you today. PTAL!
,
Sep 14
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/f8de26db8c2d1f871e049bfd84e86d83e73353d9 commit f8de26db8c2d1f871e049bfd84e86d83e73353d9 Author: Melissa Galonsky <mgalonsky@chromium.org> Date: Fri Sep 14 23:52:20 2018 Fix an extension api bug where clearing content settings cleared the settings for unrelated content types. The extensions api had a bug where calling clear on an instance of content settings in turn called a function that did not take content type as a parameter and cleared all content settings for that extension. This adds a function that clears the settings set by an extension for a particular content type. Bug: 700404 Change-Id: I29d519a80006a892fa27be50cf54042247032b38 Reviewed-on: https://chromium-review.googlesource.com/1179620 Reviewed-by: Karan Bhatia <karandeepb@chromium.org> Reviewed-by: Martin Šrámek <msramek@chromium.org> Commit-Queue: Melissa Galonsky <mgalonsky@chromium.org> Cr-Commit-Position: refs/heads/master@{#591528} [modify] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/browser/extensions/api/content_settings/content_settings_api.cc [modify] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/browser/extensions/api/content_settings/content_settings_apitest.cc [modify] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/browser/extensions/api/content_settings/content_settings_store.cc [modify] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/browser/extensions/api/content_settings/content_settings_store.h [add] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/test/data/extensions/api_test/content_settings/clearproperlygranular/manifest.json [add] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/test/data/extensions/api_test/content_settings/clearproperlygranular/test.html [add] https://crrev.com/f8de26db8c2d1f871e049bfd84e86d83e73353d9/chrome/test/data/extensions/api_test/content_settings/clearproperlygranular/test.js
,
Sep 21
Issue 100349 has been merged into this issue.
,
Sep 21
|
|||||||||||||||||
►
Sign in to add a comment |
|||||||||||||||||
Comment 1 by brajkumar@chromium.org
, Mar 14 2017Labels: Needs-Feedback