New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 860798 link

Starred by 4 users
Status: Fixed
Owner:
reillyg@chromium.org
Closed: Jul 10
Cc:
jyasskin@chromium.org
fbeaufort@chromium.org
ortuno@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 3
Type: Bug



Sign in to add a comment

Complete restricting Web Bluetooth to secure contexts

Project Member Reported by reillyg@chromium.org, Jul 6 
 Issue 510224  tracked restricting Web Bluetooth to secure contexts however it only protected navigator.bluetooth.requestDevice(). The current standard for restricting an API to secure contexts is to mark the interfaces with the [SecureContext] extended attribute. This issue tracks the work to add this attribute to all Web Bluetooth interfaces.

This isn't a security issue but a developer ergonomics one as it is confusing that the Bluetooth interfaces are available at all in contexts in which they cannot be used.
Project Member

Comment 1 by bugdroid1@chromium.org, Jul 10 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/09673aa424bcfea083b4633a20bef4fc9247af01

commit 09673aa424bcfea083b4633a20bef4fc9247af01
Author: Reilly Grant <reillyg@chromium.org>
Date: Tue Jul 10 17:05:53 2018

Move [SecureContext] to NavigatorBluetooth

This change moves the [SecureContext] extended attribute from the
individual attributes on the Bluetooth interface to the entire partial
Navigator interface for Web Bluetooth.

This has the practical effect of making the entire navigator.bluetooth
attribute undefined in in-secure contexts rather than only
navigator.bluetooth.requestDevice.

Web Platform Tests are also updated to test access to this attribute
from both secure and in-secure contexts.

Bug:  860798 
Change-Id: Ife32dcfe9d035613c41399d7189e087cdb9f54d6
Reviewed-on: https://chromium-review.googlesource.com/1128248
Commit-Queue: Reilly Grant <reillyg@chromium.org>
Reviewed-by: Philip Jägenstedt <foolip@chromium.org>
Reviewed-by: Jeffrey Yasskin <jyasskin@chromium.org>
Cr-Commit-Position: refs/heads/master@{#573780}
[modify] https://crrev.com/09673aa424bcfea083b4633a20bef4fc9247af01/third_party/WebKit/LayoutTests/external/wpt/bluetooth/idl/idl-NavigatorBluetooth.html
[add] https://crrev.com/09673aa424bcfea083b4633a20bef4fc9247af01/third_party/WebKit/LayoutTests/external/wpt/bluetooth/idl/idl-NavigatorBluetooth.https.html
[rename] https://crrev.com/09673aa424bcfea083b4633a20bef4fc9247af01/third_party/WebKit/LayoutTests/external/wpt/bluetooth/idl/idlharness.tentative.https.window-expected.txt
[rename] https://crrev.com/09673aa424bcfea083b4633a20bef4fc9247af01/third_party/WebKit/LayoutTests/external/wpt/bluetooth/idl/idlharness.tentative.https.window.js
[delete] https://crrev.com/bd778734e58d81a638a07d69855d66a891014e69/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/bluetooth-on-insecure-origin.html
[modify] https://crrev.com/09673aa424bcfea083b4633a20bef4fc9247af01/third_party/blink/renderer/modules/bluetooth/bluetooth.idl
[modify] https://crrev.com/09673aa424bcfea083b4633a20bef4fc9247af01/third_party/blink/renderer/modules/bluetooth/navigator_bluetooth.idl
Project Member

Comment 2 by bugdroid1@chromium.org, Jul 10 

The following revision refers to this bug:
  https://chromium.googlesource.com/chromium/src.git/+/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b

commit 4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b
Author: Reilly Grant <reillyg@chromium.org>
Date: Tue Jul 10 19:24:22 2018

Add [SecureContext] to additional Web Bluetooth interfaces

This change updates the Web Bluetooth WebIDL files to match the
recently merged pull request #402 by hiding interfaces which aren't
useful in insecure contexts.

Bug:  860798 
Change-Id: I59fb1d0765754fce2eb6aefc458f550b09422c96
Reviewed-on: https://chromium-review.googlesource.com/1128462
Reviewed-by: Giovanni Ortuño Urquidi <ortuno@chromium.org>
Reviewed-by: Philip Jägenstedt <foolip@chromium.org>
Commit-Queue: Reilly Grant <reillyg@chromium.org>
Cr-Commit-Position: refs/heads/master@{#573854}
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth.idl
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth_characteristic_properties.idl
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth_device.idl
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth_remote_gatt_characteristic.idl
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth_remote_gatt_descriptor.idl
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth_remote_gatt_server.idl
[modify] https://crrev.com/4aa4be0b475566c8a1b879c0f8d2d0e43fa0678b/third_party/blink/renderer/modules/bluetooth/bluetooth_remote_gatt_service.idl

Comment 3 by reillyg@chromium.org, Jul 10

Status: Fixed (was: Assigned)

Sign in to add a comment