Web MIDI: request from non-secure domain is rejected |
||||
Issue descriptionWe have a plan to take this behavior eventually, but probably recent behavior change on ToT is unexpected. Repro step: 1. navigate to http://yuri.twintail.org/chrome/midi/midi.html 2. you will see SecurityError log Expected behavior: should be granted if request does not include the sysex option, even for non-secure origins. I guess this is a regression due to permission code change to support FeaturePolicy. Confirmed on Windows, but probably happens on other platforms too.
,
May 31 2017
just conformed that this happens even on Linux
,
May 31 2017
Ran a bisect https://chromium.googlesource.com/chromium/src/+log/766d6fcb2105bb7a6015d692db696bf63a8b1982..c2cf640fde6976075f3b8876ed68eec9d0e97a61 Looks like a regression by https://chromium.googlesource.com/chromium/src/+/c2cf640fde6976075f3b8876ed68eec9d0e97a61 I would say sorry about this case wasn't covered by any test. Most tests rely on the mocked permission handling that content shell has, and production code are not well covered. IIRC, we have some tests for WebView to run permission checks with production code, but could not catch this.
,
May 31 2017
Ah yes, sorry this was me. I didn't know that midi was allowed from non-secure origins. Will take a look tomorrow.
,
Jun 1 2017
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/5cb31a1c6f558ac77ff4f2ef20dab5899428aa46 commit 5cb31a1c6f558ac77ff4f2ef20dab5899428aa46 Author: raymes <raymes@chromium.org> Date: Thu Jun 01 04:04:13 2017 Allow web-midi permission to be granted to insecure origins https://codereview.chromium.org/2897833002 unintentionally broke WebMidi for insecure origins. This CL fixes that and adds a test. BUG= 727699 Review-Url: https://codereview.chromium.org/2914963002 Cr-Commit-Position: refs/heads/master@{#476184} [modify] https://crrev.com/5cb31a1c6f558ac77ff4f2ef20dab5899428aa46/chrome/browser/media/midi_permission_context.cc [add] https://crrev.com/5cb31a1c6f558ac77ff4f2ef20dab5899428aa46/chrome/browser/media/midi_permission_context_unittest.cc [modify] https://crrev.com/5cb31a1c6f558ac77ff4f2ef20dab5899428aa46/chrome/browser/media/midi_sysex_permission_context_unittest.cc [modify] https://crrev.com/5cb31a1c6f558ac77ff4f2ef20dab5899428aa46/chrome/test/BUILD.gn
,
Jun 1 2017
I don't think this needs to be merged. The branch point for M60 was at 474934. The CL that the bug landed in was 475272. So it looks like it landed just after branch. Marking fixed. |
||||
►
Sign in to add a comment |
||||
Comment 1 by toyoshim@chromium.org
, May 31 2017Status: Assigned (was: Untriaged)