Issue 794461 link

Starred by 2 users

Issue metadata

Status:	Duplicate
Merged:	issue 792993
Owner:	----
Closed:	Dec 2017
Cc:	vogelheim@chromium.org
Components:	Blink>SecurityFeature
EstimatedDays:	----
NextAction:	----
OS:	Linux
Pri:	2
Type:	Bug
Hotlist-Interop Via-Wizard-API

Flag --unsafely-treat-insecure-origin-as-secure not working with requestMediaKeySystemAccess

Reported by tho...@couchfunk.de, Dec 13 2017

Issue description

UserAgent: Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/63.0.3239.84 Safari/537.36

Steps to reproduce the problem:
1. Open chrome with `google-chrome --unsafely-treat-insecure-origin-as-secure="http://example.com" --user-data-dir=~/temp/chrome/Profile`
2. Chrome will open with a message about an unsupported flag.
3. Open `http://example.com`
4. Open the Developer Console
5. Type `navigator.requestMediaKeysystemAccess`
6. The console will output `undefined`

Steps to verify that `requestMediaKeysystemAccess` is in fact available:
1. Open `https://google.com`
2. Open the Developer Console
3. Type `navigator.requestMediaKeysystemAccess`
4. The console will output `function ...`

What is the expected behavior?
The requestMediaKeysystemAccess funciton should exist on all insecure origins set inside the flag.

After step 4 the console should output `function...`.

What went wrong?
The browser does not enable HTTPS only features despite setting the flag --unsafely-treat-insecure-origin-as-secure

Did this work before? No 

Does this work in other browsers? Yes

Chrome version: 63.0.3239.84  Channel: stable
OS Version: Ubuntu 17.04
Flash Version:

Comment 1 by tho...@couchfunk.de, Dec 13 2017

It also does not work on Windows 10 Pro 64Bit and Mac OS High Sierra

Comment 2 by n...@datablocks.net, Dec 13 2017

This is no longer working with service workers either - Windows 10 Home 64 bit.

Comment 3 by est...@chromium.org, Dec 13 2017

Cc: vogelheim@chromium.org

Comment 4 by vogelheim@google.com, Dec 13 2017

Dupe of  crbug.com/792993 .

I'd mark it as dupe; except I'm not at work and don't have my chromium.org account set up here. :-/


- The reporter is correct, as are the observations in #1 + #2.
- The flag is broken in M63. It works fine in M64 & subsequent versions.
- The release owners have decided to not do a re-release of M63. See 792993.
- The official workaround is - since this is mainly a developer/debug feature - to use the M64 beta version for the time being.
- Meanwhile, an end-to-end test for the flag has been added to ensure this will not happen again.

I'm sorry for the inconvenience.

Comment 5 by tho...@couchfunk.de, Dec 14 2017

Thanks for the clarification. I'm sorry for the dupe.

Is the beta version not available for debianish linux, yet? google-chrome-beta is still version 63.

Comment 6 by vogelheim@chromium.org, Dec 14 2017

Mergedinto: 792993
Status: Duplicate (was: Unconfirmed)

#5:
- Chrome Linux M64 beta indeed isn't out just yet. Should be any day now.
- Thanks for the report. Duplicate reports are fine; in fact, they give us additional info about the severity of the problem. It's just important that we merge them all into the 'main' bug.

►

Issue 794461 link

Issue metadata

Flag --unsafely-treat-insecure-origin-as-secure not working with requestMediaKeySystemAccess

Issue description

Comment 1 by tho...@couchfunk.de, Dec 13 2017

Comment 1 Deleted

Comment 2 by n...@datablocks.net, Dec 13 2017

Comment 2 Deleted

Comment 3 by est...@chromium.org, Dec 13 2017

Comment 3 Deleted

Comment 4 by vogelheim@google.com, Dec 13 2017

Comment 4 Deleted

Comment 5 by tho...@couchfunk.de, Dec 14 2017

Comment 5 Deleted

Comment 6 by vogelheim@chromium.org, Dec 14 2017

Comment 6 Deleted

Sign in to add a comment