New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 729171 link

Starred by 2 users
Status: Available
Owner: ----
Cc:
dominickn@chromium.org
emilyschechter@chromium.org
raymes@chromium.org
benwells@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 3
Type: Bug
Team-Security-UX



Sign in to add a comment

Cannot override embargo via page info for permissions requested from cross-origin iframes

Project Member Reported by ojan@chromium.org, Jun 2 2017 
I was trying to test geolocation permission with this page: https://jsbin.com/tiqugocaru/1/edit?html,output

Here's the contents of the page:
<script>
  setTimeout(() => {
    navigator.geolocation.getCurrentPosition((position) => {
      alert(position.coords.latitude, position.coords.longitude);
    });
  }, 1000);
</script>

After I had dismissed 3 times, I correctly got the console log that it was autoblocked due to being dismissed too many times (\o/). But now I can't manually enable it. I've tried changing the setting in the page info dropdown to allow, block, and default manually and I still get it blocked with the same console message about it being blocked due to being dismissed too many times.

Comment 1 by dominickn@chromium.org, Jun 5 2017 

The issue is that you're on https://jsbin.com. But the origin that's actually requesting geolocation is https://null.jsbin.com (from the iframe injected into the page I'm guessing). So using page info to try and reset the permission doesn't work because you're not on the right top-level origin.

Long term, permission delegation will fix this. Short term, you should just clear your browsing data or use site settings to remove the embargo on null.jsbin.com.

Comment 2 by dominickn@chromium.org, Jun 5 2017

Cc: raymes@chromium.org
Labels: -Pri-1 OS-Android OS-Linux OS-Mac OS-Windows Pri-3
Summary: Cannot override embargo via page info for permissions requested from cross-origin iframes (was: blocking permissions aren't overrideable)

Comment 3 by dominickn@chromium.org, Jun 13 2017

Cc: dominickn@chromium.org
Owner: ----
Status: Available (was: Assigned)
Marking this as available - we might want to think about ways of displaying related origins.

Comment 4 by dominickn@chromium.org, Jun 22 2017

Cc: emilyschechter@chromium.org
 Issue 735866  has been merged into this issue.

Comment 5 by est...@chromium.org, Nov 10 2017

Labels: Hotlist-EnamelAndFriendsFixIt

Comment 6 by est...@chromium.org, Feb 18 2018

Labels: -Hotlist-EnamelAndFriendsFixIt

Sign in to add a comment