New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 904425 link

Starred by 1 user
Status: Assigned
Owner:
odejesush@chromium.org
Cc:
krajshree@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Windows , Mac
Pri: 2
Type: Bug



Sign in to add a comment

Geolocation in cross-origin iframes

Reported by adfath...@gmail.com, Nov 12 
Chrome Version       : 70.0.3538.77
URLs (if applicable) : x-origin iframes

What steps will reproduce the problem?
(1) Use a cross-origin iFrame with allow="geolocation"
(2) In the iFrame, execute a script which fetches the user's location:
navigator.geolocation.getCurrentPosition(handlePosition, errorCallback);

What is the expected result?
Geolocation requests should trigger a request for location from the user, then fetch the geolocation results.

What happens instead?
Geolocation access has been blocked because of a Feature Policy applied to the current document. See https://goo.gl/EuHzyv for more details. 
Is printed in the console.

Comment 1 by phanindra.mandapaka@chromium.org, Nov 12

Labels: Needs-Triage-M70

Comment 2 by dtapuska@google.com, Nov 12

Components: Blink>Geolocation

Comment 3 by krajshree@chromium.org, Nov 13

Cc: krajshree@chromium.org
Labels: Triaged-ET Needs-Feedback
adfathman@ - Thanks for filing the issue...!!

Could you please provide a sample test file/url to test the issue from TE-end.
This will help us in triaging the issue further.

Thanks...!!

Comment 4 by reillyg@chromium.org, Nov 15

Components: Blink>FeaturePolicy
Adding Feature Policy component because this seems like a bug however an example URL will be very helpful as we already have tests that should be covering simple cases such as this.

Comment 5 by adfath...@gmail.com, Nov 15 

Example: https://jsfiddle.net/0a7yxu8b/1/
Works in Firefox with prompt
Doesn't Work in Chrome. This is true even when clicking the lock next to the URL, setting the permission to "Allow", or going to Chrome settings and just auto allowing Location.
Project Member

Comment 6 by sheriffbot@chromium.org, Nov 15

Labels: -Needs-Feedback
Thank you for providing more feedback. Adding the requester to the cc list.

For more details visit https://www.chromium.org/issue-tracking/autotriage - Your friendly Sheriffbot

Comment 7 by krajshree@chromium.org, Nov 15

Labels: -Pri-3 Target-72 M-72 FoundIn-71 FoundIn-70 FoundIn-72 OS-Linux OS-Mac OS-Windows Pri-2
Status: Untriaged (was: Unconfirmed)
Able to reproduce the issue on Mac 10.13.6, Win-10 and Ubuntu 17.10 using chrome reported version #70.0.3538.77 and latest canary #72.0.3610.0.
This is a non-regression issue as it is observed from M60 old builds. 
Hence, marking it as untriaged to get more inputs from dev team.

Thanks...!!

Comment 8 by reillyg@chromium.org, Nov 21

Owner: odejesush@chromium.org
odejesush@ to try to reproduce. We cannot reproduce a failure on Chrome 70 or 71. In both cases the demo link asks for permission and prints the current location to the console.

Comment 9 by reillyg@chromium.org, Nov 21

Status: Assigned (was: Untriaged)

Comment 10 by odejesush@chromium.org, Nov 21

Labels: -FoundIn-70 -FoundIn-71 -FoundIn-72
I tried the JSFiddle example in Linux Chrome 70.0.3538.77, and I was not able to reproduce the problem. As soon as I loaded the JSFiddle example, I received a request to allow https://importagenttest.firebaseapp.com to access my location, and the console printed my latitude and longitude. Clicking on the "Click Me!" button refreshes the location.

Comment 11 by odejesush@chromium.org, Jan 11

Labels: Needs-Feedback
Hi adfathman,

I tested the example URL again in the current stable build (71.0.3578.98 (Official Build) (64-bit)) in Linux and Mac as well as the dev channel build (73.0.3664.3 (Official Build) dev (64-bit)) in Linux. Do you still see this issue in the latest canary build?

Sign in to add a comment