New issue
Advanced search Search tips

Issue 787019 link

Starred by 2 users

Issue metadata

Status: Available
Owner: ----
Cc:
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 3
Type: Feature

Blocking:
issue 786673



Sign in to add a comment

Maybe need to add cross-origin iframes check at SensorPermissionContext class

Project Member Reported by juncai@chromium.org, Nov 20 2017

Issue description

Currently, to allow DeviceMotion and DeviceOrientation Event API to be able to access sensors (which are provided by generic sensor) in cross-origin iframes, there is no cross-origin iframe check at SensorPermissionContext class. 

We may need to add cross-origin iframes check at SensorPermissionContext class when we can grant permission for certain sensor types. SensorPermissionContext::GetPermissionStatusInternal() function doesn't have any information of which sensor type requests permission.

The Generic Sensor API is not allowed in cross-origin iframes and this is enforced by the renderer.

This is from the comments at:
https://chromium-review.googlesource.com/c/chromium/src/+/767549

 

Comment 1 by nasko@chromium.org, Nov 30 2017

Blocking: 786673

Comment 2 by juncai@chromium.org, Jan 25 2018

Cc: juncai@chromium.org
Components: Blink>Sensor
Owner: ----
Status: Available (was: Assigned)

Sign in to add a comment