Discussion:
Issue 530507 in chromium: Cannot use getUserMedia in a chrome-extension: frame in a http: document.
(too old to reply)
c***@googlecode.com
2015-09-11 10:07:19 UTC
Permalink
Status: Assigned
Owner: ***@chromium.org
Labels: Type-Bug-Regression Pri-1 M-47 OS-Chrome OS-Windows OS-Linux OS-Mac
Cr-Platform-Extensions Cr-Privacy Cr-Blink-GetUserMedia

New issue 530507 by ***@robwu.nl: Cannot use getUserMedia in a
chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

Chrome version: 47.0.2508.0

Starting with Chrome 47, extensions that want to add WebRTC or screen
sharing functionality to any tab won't work any more, because of the
requirement to have a secure origin in the top-level frame.

Related issues:
- issue 528802 (IFrame using https from http or https from http)
- issue 520765 (Deprecation and removal of powerful features on insecure
origins)
- https://crbug.com/456628#c36

What steps will reproduce the problem?
1. Download the attached files.
2. Start Chrome, visit chrome://extensions/, click on Load unpacked
extension and select the directory containing the files from the previous
step.
3. Visit http://example.com
4. The extension will now insert 3 iframes in the document: http:, https:
and chrome-extension:, and in each frame call navigator.webkitGetUserMedia.

What is the expected result?
- Either all gUM requests should be accepted (e.g. as in
chrome-44.0.2403.125.png).
- Or only http should be blocked (or also https frames because of issue
520765).
- And in all cases, gUM should work at chrome-extension:-origins.
Extensions cannot be embedded by default, the page must be declared in
web_accessible_resources. So the risk of leaking information from gUM via
an extension is low.

What happens instead of that?
- gUM is blocked in all cases, including chrome-extension:
(chrome-47.0.2508.0.png).


Alternatives:
- Audio can be requested and played back at an extension's background page,
after the extension has requested permissions for it (currently, this
requires calling gUM at a visible tab, but if this bug is marked as
WontFix, then https://codereview.chromium.org/786523002/ should be merged
to allow extension authors to still offer a good user experience).

- Open a new tab / popup. Disadvantage: This does not allow easy
integration in the current page.

- Video is requested at the extension's background page, drawn on a
<canvas>, serialized (e.g. to a data:-URL), transferred to a content script
which paints the result on a <canvas> in the tab. This is highly
inefficient, but the only option if the extension needs to integrate video
in the current tab.

Attachments:
manifest.json 389 bytes
frame.js 612 bytes
frame.html 105 bytes
contentscript.js 499 bytes
chrome-44.0.2403.125.png 115 KB
chrome-47.0.2508.0.png 123 KB
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-09-15 16:14:45 UTC
Permalink
Updates:
Cc: ***@chromium.org

Comment #1 on issue 530507 by ***@chromium.org: Cannot use
getUserMedia in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

(No comment was entered for this change.)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-09-29 16:02:53 UTC
Permalink
Comment #2 on issue 530507 by ***@robwu.nl: Cannot use getUserMedia in a
chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

Ping ***@.

Please react on this bug. Extensions that rely on WebRTC may break if you
don't take any action.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-01 22:05:38 UTC
Permalink
Comment #7 on issue 530507 by ***@robwu.nl: Cannot use getUserMedia in a
chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

#5 chrome-extension: origins are already treated as a secure origin for
most purposes. But starting in Chrome 47, gUM fails even on secure origins
if the top-level origin is insecure (see links in my first post).

#6
Exactly like that. What I'm saying is that extension frames should always
be allowed to use gUM, and that allowing that does not significantly
increase the risk for users.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-02 04:10:18 UTC
Permalink
Updates:
Cc: ***@chromium.org

Comment #8 on issue 530507 by ***@chromium.org: Cannot use getUserMedia in
a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

Hi ***@. This is blocked because the Privileged Contexts spec
(http://www.w3.org/TR/powerful-features/) is very specific in it's
algorithm, and a privileged context must have all emebedder frames in the
parent chain be secure to be considered priveleged (it's really a misnomer
to call this issue "secure origins" since it's really about privieleged
contexts, and it's my fault for originally calling it that), so this is
working as intended.

I've CC'd Mike West, since what you're really asking for is an exception to
the spec, and we should probably solicit his opinion before making a
decision.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-02 05:08:18 UTC
Permalink
Updates:
Cc: ***@chromium.org

Comment #9 on issue 530507 by ***@chromium.org: Cannot use getUserMedia
in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

There's certainly lower risk of abuse for an extension's resource embedded
into a page. I'm not sure I'd agree that listing something as
web-accessible means that it's been designed to be safe on any website, as
I don't think we yet restrict embedding based on the host permissions that
the extension has requested (do we?).

*shrug* I don't have strong feelings one way or the other, as extensions
are outside the web's security model (and already break it in a number of
ways). If we choose to allow extensions to do interesting things, the fact
that the spec says X doesn't mean we can't do !X.

Who's running extensions these days? kalman@?
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-02 05:12:18 UTC
Permalink
Updates:
Cc: ***@chromium.org

Comment #10 on issue 530507 by ***@chromium.org: Cannot use getUserMedia in
a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

+rdevlin.cronin@ for extensions opinions.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-02 05:15:20 UTC
Permalink
Comment #11 on issue 530507 by ***@chromium.org: Cannot use getUserMedia in
a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

Just as an additional comment, in general we do try to avoid letting
extensions break the web security model without having some sort of user
facing permission. In this case, there's no permission that says "break
privileged context model," and I don't think there's any reasonable way to
express that to a user, so I'm a bit scared to let it through.

Put differently, if users become used to a world where they see HTTP in the
omnibox, and that means that getUserMedia is not running... would't they be
surprised if extensions suddenly broke this without warning or consent?

(Obviously, this is all tenuously based on the assumption that users
understand extensions and permissions and stuff, but whatever, ugh)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-02 17:04:49 UTC
Permalink
Comment #13 on issue 530507 by ***@chromium.org: Cannot use getUserMedia
in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

I'm fine with that resolution if that's the direction you want to take
extensions.

I'd again note that WAR would be less concerning to me if it was locked
down to origins that the extension itself actually had access to (and
therefore could be feasibly expected to have considered in its threat
model).
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-17 00:56:52 UTC
Permalink
Comment #15 on issue 530507 by ***@chromium.org: Cannot use
getUserMedia in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507#c15

The following revision refers to this bug:

https://chromium.googlesource.com/chromium/src.git/+/23d6c8471b207d00a8cf65336067a0891c9a936a

commit 23d6c8471b207d00a8cf65336067a0891c9a936a
Author: jww <***@chromium.org>
Date: Sat Oct 17 00:16:04 2015

Add scheme exceptions for isSecureContext

The Privileged Context spec lists an algorithm for whether a powerful
feature should be allowed in a given context. This check verifies that
the full check from the document that makes the request through all the
parent embedders are secure origins. However, we need to provide an
exception to this algorithm for extensions, which should be allowed to
bypass the Web security model.

This CL adds support for a whitelist of schemes (currently just
chrome-extension:) that should be allowed to access powerful features,
even if the full chain of embedders is not all secure. This extensions
the Document::isSecureContext() method to check this whitelist to see if
the current origin should bypass.

BUG=530507

Review URL: https://codereview.chromium.org/1383483007

Cr-Commit-Position: refs/heads/master@{#354650}

[add]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/browser/extensions/api/webrtc_from_web_accessible_resource_browsertest.cc
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/chrome_tests.gypi
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/common/secure_origin_whitelist.cc
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/common/secure_origin_whitelist.h
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/renderer/chrome_content_renderer_client.cc
[add]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/content_script.js
[add]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/iframe.js
[add]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/iframe_content.html
[add]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/manifest.json
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/third_party/WebKit/Source/core/dom/Document.cpp
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/third_party/WebKit/Source/platform/weborigin/SchemeRegistryTest.cpp
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/third_party/WebKit/Source/web/WebSecurityPolicy.cpp
[modify]
http://crrev.com/23d6c8471b207d00a8cf65336067a0891c9a936a/third_party/WebKit/public/web/WebSecurityPolicy.h
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-17 20:54:00 UTC
Permalink
Updates:
Status: Fixed

Comment #16 on issue 530507 by ***@chromium.org: Cannot use getUserMedia in
a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

This is fixed, although assuming all goes well, I will request a merge next
week.
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-21 16:46:13 UTC
Permalink
Updates:
Labels: OS-All Merge-Request-47

Comment #17 on issue 530507 by ***@chromium.org: Cannot use getUserMedia in
a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

(No comment was entered for this change.)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-21 16:47:13 UTC
Permalink
Updates:
Labels: -Merge-Request-47 Merge-Approved-47 Hotlist-Merge-Approved

Comment #18 on issue 530507 by ***@google.com: Cannot use getUserMedia
in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507#c18

Approved for M47 (branch: 2526)
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-21 18:22:33 UTC
Permalink
Updates:
Labels: -Merge-Approved-47 merge-merged-2526

Comment #19 on issue 530507 by ***@chromium.org: Cannot use
getUserMedia in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507#c19

The following revision refers to this bug:

https://chromium.googlesource.com/chromium/src.git/+/67dc5d12093a0a9a80a1379b628fa4574838f5f1

commit 67dc5d12093a0a9a80a1379b628fa4574838f5f1
Author: Joel Howard Willis Weinberger <***@chromium.org>
Date: Wed Oct 21 18:17:45 2015

Add scheme exceptions for isSecureContext

The Privileged Context spec lists an algorithm for whether a powerful
feature should be allowed in a given context. This check verifies that
the full check from the document that makes the request through all the
parent embedders are secure origins. However, we need to provide an
exception to this algorithm for extensions, which should be allowed to
bypass the Web security model.

This CL adds support for a whitelist of schemes (currently just
chrome-extension:) that should be allowed to access powerful features,
even if the full chain of embedders is not all secure. This extensions
the Document::isSecureContext() method to check this whitelist to see if
the current origin should bypass.

BUG=530507

Review URL: https://codereview.chromium.org/1383483007

Cr-Commit-Position: refs/heads/master@{#354650}
(cherry picked from commit 23d6c8471b207d00a8cf65336067a0891c9a936a)

Review URL: https://codereview.chromium.org/1417053003 .

Cr-Commit-Position: refs/branch-heads/2526@{#192}
Cr-Branched-From:
cb947c0153db0ec02a8abbcb3ca086d88bf6006f-refs/heads/master@{#352221}

[add]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/browser/extensions/api/webrtc_from_web_accessible_resource_browsertest.cc
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/chrome_tests.gypi
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/common/secure_origin_whitelist.cc
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/common/secure_origin_whitelist.h
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/renderer/chrome_content_renderer_client.cc
[add]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/content_script.js
[add]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/iframe.js
[add]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/iframe_content.html
[add]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/chrome/test/data/extensions/api_test/webrtc_from_web_accessible_resource/manifest.json
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/third_party/WebKit/Source/core/dom/Document.cpp
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/third_party/WebKit/Source/platform/weborigin/SchemeRegistry.cpp
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/third_party/WebKit/Source/platform/weborigin/SchemeRegistry.h
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/third_party/WebKit/Source/platform/weborigin/SchemeRegistryTest.cpp
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/third_party/WebKit/Source/web/WebSecurityPolicy.cpp
[modify]
http://crrev.com/67dc5d12093a0a9a80a1379b628fa4574838f5f1/third_party/WebKit/public/web/WebSecurityPolicy.h
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-21 18:26:50 UTC
Permalink
Comment #20 on issue 530507 by ***@chromium.org: Cannot use getUserMedia in
a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507

This fix should be present in the next Beta update. Thanks for everyone's
patience!
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
c***@googlecode.com
2015-10-21 19:38:35 UTC
Permalink
Comment #21 on issue 530507 by ***@chromium.org: Cannot use
getUserMedia in a chrome-extension: frame in a http: document.
https://code.google.com/p/chromium/issues/detail?id=530507#c21

The following revision refers to this bug:

https://chrome-internal.googlesource.com/bling/chromium.git/+/67dc5d12093a0a9a80a1379b628fa4574838f5f1

commit 67dc5d12093a0a9a80a1379b628fa4574838f5f1
Author: Joel Howard Willis Weinberger <***@chromium.org>
Date: Wed Oct 21 18:17:45 2015
--
You received this message because this project is configured to send all
issue notifications to this address.
You may adjust your notification preferences at:
https://code.google.com/hosting/settings
--
--
Automated mail from issue updates at http://crbug.com/
Subscription options: http://groups.google.com/a/chromium.org/group/chromium-bugs

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-bugs+***@chromium.org.
Loading...