182638 2018-02-09 03:59:32 -0800 Iframe allow="geolocation; microphone; camera; midi; encrypted-media;" 2018-04-05 11:08:59 -0700 1 1 1 Unclassified WebKit WebRTC WebKit Nightly Build All All RESOLVED CONFIGURATION CHANGED P2 Blocker --- 1 shamun webkit-unassigned kenma9123 youennf oldest_to_newest 1397897 0 shamun 2018-02-09 03:59:32 -0800 When i use <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> it does not work In Google chrome i can put that so that i can avoid same origin problem. https://www.client.com use iframe to use supplier services from https://supplier.supplier.com/webrtc When will be the "allow="geolocation; microphone; camera; midi; encrypted-media;" options available? 1397900 1 shamun 2018-02-09 04:22:31 -0800 Safari shows "Trying to call getUserMedia from a document with a different security origin than its top-level frame." even <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> is used Here are the situation: 1. https://www.client.com use iframe services in there site 2. in the iframe they have following <iframe src="https://supplier.supplier.com/buy-service1" allow="geolocation; microphone; camera; midi; encrypted-media;"></iframe> 3. Now in Google chrome it works, but not in Safari OSX,iOS. How to make this work in Safari? 1397934 2 youennf 2018-02-09 07:35:39 -0800 (In reply to iamtesting from comment #0) > When i use <iframe allow="geolocation; microphone; camera; midi; > encrypted-media;" ></iframe> it does not work > In Google chrome i can put that so that i can avoid same origin problem. Is that a request to support geolocation, midi and encrypted-media? Have you tried microphone and camera in recent STP? 1397936 3 shamun 2018-02-09 07:44:53 -0800 Its a request to support this "Deprecating Permissions in Cross-Origin Iframes:" - https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes In Google Chrome we can use <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> to overcome the issue, but in Safari none of the flags are working i have tried all of those combination but none worked in recent STP (Beta latest available versions of Safari) 1397937 4 shamun 2018-02-09 07:51:34 -0800 FYI Please note that this feature: <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> Works on: - Chromium (latest code) - Node-WebKit - Google chrome (official), Canary - Firefox - Opera - IE Edge - Android Google chrome Not works on: - Safari OSX, iOS 1399469 5 shamun 2018-02-15 08:43:56 -0800 BUG https://server1.domain1.com = Chat software = 217.x.x.x https://server2.domain1.com = WebRTC software = 37.x.x.x Now https://server1.domain1.com using iframe src="https://server2.domain1.com" Why Safari is telling "trying to call getusermedia from a document with a different security origin then its top-level frame." ? Can anyone please fix this BUG? even applying "allow="geolocation; microphone; camera; midi; encrypted-media;" is not fixing Safari. it keeps refusing. 1399486 6 youennf 2018-02-15 09:40:26 -0800 Can you try setting allow in JavaScript? Something like: frame.allow = "camera;microphone" Would you be able to provide a repro case? 1399566 7 shamun 2018-02-15 12:05:21 -0800 @youenn fablet: How to send you a private link which will not be visible in public? (i cant expose my domain in public because of security, privacy, company policies) 1405537 8 youennf 2018-03-10 21:38:59 -0800 Closing at behaving correctly in latest STP. iamtesting, please reopen if needed. 1412033 9 kenma9123 2018-04-05 04:07:13 -0700 Hi, still doesn't work. We tested it using the latest STP(Safari 11.2, WebKit 13606.1.11.2) but now with a new error. "Could not access microphone: SecurityError: The operation is insecure." 1412037 10 youennf 2018-04-05 07:08:25 -0700 Latest stp has an unrelated bug in getUserMedia 1412038 11 youennf 2018-04-05 07:09:57 -0700 Latest stp has an unrelated bug in getUserMedia. Geolocation access is not yet supported indeed. 1412077 12 kenma9123 2018-04-05 10:11:35 -0700 The new error is "SecurityError: The operation is insecure." after the "Trying to call getUserMedia from a document with a different security origin than its top-level frame.". So it isn't fixed yet even of stp? 1412079 13 youennf 2018-04-05 10:13:08 -0700 (In reply to kenma from comment #12) > The new error is "SecurityError: The operation is insecure." after the > "Trying to call getUserMedia from a document with a different security > origin than its top-level frame.". So it isn't fixed yet even of stp? Kenma, can you send me a link to a page showing the "Trying to call getUserMedia from a document with a different security origin than its top-level frame."? 1412101 14 kenma9123 2018-04-05 10:55:16 -0700 Isn't that's the original thread creator was referring to? Anyway here's a sample from JotForm (https://www.jotform.com/80945014172957). They have widgets, and widgets are served from a different domain. That widget access the microphone to make a recording. On Safari 11 when you record, check the console it will log about "Trying to call getUserMedia from a document with a different security origin than its top-level frame." and when you load this on STP the error is "SecurityError: The operation is insecure." This started happening when the webkit policy on iframe have been applied (https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes) - just like the thread creator was referring to. Other browsers like Chrome and Firefox has no problem just with Safari. 1412103 15 youennf 2018-04-05 11:02:46 -0700 (In reply to kenma from comment #14) > Isn't that's the original thread creator was referring to? Anyway here's a > sample from JotForm (https://www.jotform.com/80945014172957). They have > widgets, and widgets are served from a different domain. That widget access > the microphone to make a recording. On Safari 11 when you record, check the > console it will log about "Trying to call getUserMedia from a document with > a different security origin than its top-level frame." and when you load > this on STP the error is "SecurityError: The operation is insecure." > > This started happening when the webkit policy on iframe have been applied > (https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in- > cross-origin-iframes) - just like the thread creator was referring to. > > Other browsers like Chrome and Firefox has no problem just with Safari. STP52 and latest WebKit nightlies should have it. STP53 has a temporary issue that basically disabled getUserMedia. Testing locally, getUserMedia part of jotform is working fine. 1412109 16 kenma9123 2018-04-05 11:08:59 -0700 okay thanks thats great to hear. I'm actually unsure how often you update it for stable releases but when do we exactly expect the fixes to be ship to the latest stable build? not all users use STP tho. Anyway appreciate the effort guys. Was really trying to figure out as well until I stumbled upon this thread. Hoping it will live soon.