Incorrect user activation for cross origin iframes |
|||||
Issue descriptionChrome Version: (copy from chrome://version) OS: (e.g. Win10, MacOS 10.12, etc...) What steps will reproduce the problem? (1) Open hangouts (2) Send the link https://rebeccahughes.github.io/media/iframe_bug_page.html over hangouts (3) Click the link to open the video in a new page What is the expected result? The video should not play since there has not been a user activation on the page. What happens instead? The video plays because the HasBeenActivated flag is returning true in Blink. The HasBeenActivated flag is being checked by the iframe and is returning true on the main frame (which is a remote frame). This should be false as there has been no activation. It only works if the iframe is on a different origin (so it looks like this could be related to site isolation). If you enter the URL into the omnibox and hit enter the video will not play as the HasBeenActivated flag will correctly be false. It looks like it could be limited to renderer initiated navigations.
,
Oct 3
I'm not familiar with user activation. Mustaq, can you help triage? Thanks! (I assume this applies to at least all desktop platforms; probably Android as well when Site Isolation is enabled there?)
,
Oct 4
,
Nov 27
Looks like the bug doesn't repro when UAv2 enabled. I didn't expect it because UAv2 sticky bit doesn't behave differently from past. (Observed in current Beta 71.0.3578.62) Oddly, middle-click on the hangout link repros the bug even with UAv2 enabled. --- beccahughes@: Wondering what's the significance of hangout here. When I click on the link above *in the bug* (not in hangout), the video autoplays in all these four cases: (with/without UAv2) x (left/middle click). Aren't all these wrong?
,
Nov 27
This bug is already fixed in Tot, for all four cases mentioned in the last comment! I believe shivanisha@ fixed it through Issue 901069 . |
|||||
►
Sign in to add a comment |
|||||
Comment 1 by mlamouri@chromium.org
, Oct 3Labels: Target-71
Owner: creis@chromium.org