New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 727699 link

Starred by 1 user

Issue metadata

Status: Fixed
Owner:
OOO until 4th Feb
Closed: Jun 2017
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 1
Type: Bug-Regression



Sign in to add a comment

Web MIDI: request from non-secure domain is rejected

Project Member Reported by toyoshim@chromium.org, May 30 2017

Issue description

We have a plan to take this behavior eventually, but probably recent behavior change on ToT is unexpected.

Repro step:
1. navigate to http://yuri.twintail.org/chrome/midi/midi.html
2. you will see SecurityError log

Expected behavior:
should be granted if request does not include the sysex option, even for non-secure origins.

I guess this is a regression due to permission code change to support FeaturePolicy.

Confirmed on Windows, but probably happens on other platforms too.
 
Owner: raymes@chromium.org
Status: Assigned (was: Untriaged)
raymes, do you think your recent permission logic changes can cause this regression?
Labels: OS-Linux
just conformed that this happens even on Linux
Labels: OS-Android OS-Chrome OS-Mac
Ran a bisect
https://chromium.googlesource.com/chromium/src/+log/766d6fcb2105bb7a6015d692db696bf63a8b1982..c2cf640fde6976075f3b8876ed68eec9d0e97a61

Looks like a regression by https://chromium.googlesource.com/chromium/src/+/c2cf640fde6976075f3b8876ed68eec9d0e97a61

I would say sorry about this case wasn't covered by any test.
Most tests rely on the mocked permission handling that content shell has, and production code are not well covered.

IIRC, we have some tests for WebView to run permission checks with production code, but could not catch this.

Comment 4 by raymes@chromium.org, May 31 2017

Ah yes, sorry this was me. I didn't know that midi was allowed from non-secure origins. Will take a look tomorrow.
Status: Fixed (was: Assigned)
I don't think this needs to be merged. The branch point for M60 was at 474934. The CL that the bug landed in was 475272. So it looks like it landed just after branch. Marking fixed.

Sign in to add a comment