Bug 182638

Summary: Iframe allow="geolocation; microphone; camera; midi; encrypted-media;"
Product: WebKit
Reporter: iamtesting <shamun>
Component: WebRTC
Assignee: Nobody <webkit-unassigned>
Status: RESOLVED CONFIGURATION CHANGED
Severity: Blocker
CC: kenma9123, youennf
Priority: P2
Version: WebKit Nightly Build
Hardware: All
OS: All

Description iamtesting 2018-02-09 03:59:32 PST
When I use <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> it does not work.
In Google Chrome I can put that so that I can avoid the same-origin problem.

https://www.client.com
uses an iframe to use supplier services from https://supplier.supplier.com/webrtc

When will the allow="geolocation; microphone; camera; midi; encrypted-media;" options be available?
Comment 1 iamtesting 2018-02-09 04:22:31 PST
Safari shows "Trying to call getUserMedia from a document with a different security origin than its top-level frame." even when <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> is used.

Here is the situation:

1. https://www.client.com uses iframe services in their site.
2. In the iframe they have the following:
<iframe src="https://supplier.supplier.com/buy-service1" allow="geolocation; microphone; camera; midi; encrypted-media;"></iframe>
3. Now in Google Chrome it works, but not in Safari OSX, iOS.

How to make this work in Safari?
Comment 2 youenn fablet 2018-02-09 07:35:39 PST
(In reply to iamtesting from comment #0)
> When I use <iframe allow="geolocation; microphone; camera; midi;
> encrypted-media;" ></iframe> it does not work.
> In Google Chrome I can put that so that I can avoid the same-origin problem.

Is that a request to support geolocation, midi and encrypted-media?
Have you tried microphone and camera in recent STP?
Comment 3 iamtesting 2018-02-09 07:44:53 PST
It's a request to support this "Deprecating Permissions in Cross-Origin Iframes":
https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes

In Google Chrome we can use <iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe> to overcome the issue, but in Safari none of the flags are working.

I have tried all of those combinations, but none worked in recent STP (Beta latest available versions of Safari).
Comment 4 iamtesting 2018-02-09 07:51:34 PST
FYI

Please note that this feature: 

<iframe allow="geolocation; microphone; camera; midi; encrypted-media;" ></iframe>

Works on:

- Chromium (latest code)
- Node-WebKit
- Google Chrome (official), Canary
- Firefox
- Opera
- IE Edge
- Android Google Chrome

Does not work on:

- Safari OSX, iOS
Comment 5 iamtesting 2018-02-15 08:43:56 PST
BUG

https://server1.domain1.com = Chat software = 217.x.x.x
https://server2.domain1.com = WebRTC software = 37.x.x.x

Now https://server1.domain1.com is using iframe src="https://server2.domain1.com".
Why is Safari telling "trying to call getusermedia from a document with a different security origin then its top-level frame."?


Can anyone please fix this BUG? Even applying allow="geolocation; microphone; camera; midi; encrypted-media;" is not fixing Safari. It keeps refusing.
Comment 6 youenn fablet 2018-02-15 09:40:26 PST
Can you try setting allow in JavaScript?
Something like:
frame.allow = "camera;microphone"

Would you be able to provide a repro case?
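
An added illustration for this point in the thread, not code from WebKit or from any commenter: the sketch below parses an `allow` value using the allowlist syntax of the Feature Policy / Permissions Policy specification and compares what the embedder delegates with what the framed page needs. The helper names (`parseAllow`, `isDelegated`, `auditAllow`) are hypothetical, and the assumption that the widget needs only `camera` and `microphone` is taken from the suggestion in comment 6.

```javascript
// Added example (not WebKit code): audit an iframe `allow` attribute.
// parseAllow, isDelegated and auditAllow are hypothetical helper names.
function parseAllow(allowAttr, srcOrigin, selfOrigin) {
  const policy = new Map();
  for (const directive of allowAttr.split(";")) {
    const tokens = directive.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue; // tolerate the trailing ";" used in the report
    const [feature, ...values] = tokens;
    // A bare feature name means 'src': only the origin of the frame's src URL.
    const allowlist = (values.length ? values : ["'src'"]).map((v) => {
      if (v === "'src'") return srcOrigin;
      if (v === "'self'") return selfOrigin;
      if (v === "*" || v === "'none'") return v;
      try { return new URL(v).origin; } catch { return null; } // ignore bad tokens
    });
    policy.set(feature.toLowerCase(), allowlist);
  }
  return policy;
}

function isDelegated(policy, feature, origin) {
  const list = policy.get(feature);
  // Simplification: any 'none' token is treated as deny-all.
  if (!list || list.includes("'none'")) return false;
  return list.includes("*") || list.includes(origin);
}

// Compare what the embedder delegates with what the widget actually needs.
function auditAllow(allowAttr, srcUrl, embedderUrl, needed) {
  const srcOrigin = new URL(srcUrl).origin;
  const policy = parseAllow(allowAttr, srcOrigin, new URL(embedderUrl).origin);
  const granted = [...policy.keys()].filter((f) => isDelegated(policy, f, srcOrigin));
  return {
    missing: needed.filter((f) => !granted.includes(f)),
    excess: granted.filter((f) => !needed.includes(f)),
    minimalAllow: needed.join("; "),
  };
}

// The attribute and URLs from the report, with camera + microphone as the assumed need.
const report = auditAllow(
  "geolocation; microphone; camera; midi; encrypted-media;",
  "https://supplier.supplier.com/buy-service1",
  "https://www.client.com",
  ["camera", "microphone"]
);
console.log(report);
```

The audit only describes what the embedder's markup requests; whether a given browser build honours each feature is decided by that browser.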
Comment 7 iamtesting 2018-02-15 12:05:21 PST
@youenn fablet: How to send you a private link which will not be visible in public?
(I can't expose my domain in public because of security, privacy, company policies)
Comment 8 youenn fablet 2018-03-10 21:38:59 PST
Closing as behaving correctly in latest STP.
iamtesting, please reopen if needed.
Comment 9 kenma 2018-04-05 04:07:13 PDT
Hi, still doesn't work. We tested it using the latest STP (Safari 11.2, WebKit 13606.1.11.2) but now with a new error: "Could not access microphone: SecurityError: The operation is insecure."
Comment 10 youenn fablet 2018-04-05 07:08:25 PDT
Latest STP has an unrelated bug in getUserMedia.
Comment 11 youenn fablet 2018-04-05 07:09:57 PDT
Latest STP has an unrelated bug in getUserMedia.
Geolocation access is not yet supported indeed.
Comment 12 kenma 2018-04-05 10:11:35 PDT
The new error is "SecurityError: The operation is insecure." after the "Trying to call getUserMedia from a document with a different security origin than its top-level frame.". So it isn't fixed yet even on STP?
Comment 13 youenn fablet 2018-04-05 10:13:08 PDT
(In reply to kenma from comment #12)
> The new error is "SecurityError: The operation is insecure." after the
> "Trying to call getUserMedia from a document with a different security
> origin than its top-level frame.". So it isn't fixed yet even on STP?

Kenma,
can you send me a link to a page showing the "Trying to call getUserMedia from a document with a different security origin than its top-level frame."?
Comment 14 kenma 2018-04-05 10:55:16 PDT
Isn't that what the original thread creator was referring to? Anyway, here's a sample from JotForm (https://www.jotform.com/80945014172957). They have widgets, and widgets are served from a different domain. That widget accesses the microphone to make a recording. On Safari 11 when you record, check the console; it will log about "Trying to call getUserMedia from a document with a different security origin than its top-level frame." and when you load this on STP the error is "SecurityError: The operation is insecure."

This started happening when the WebKit policy on iframes was applied (https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes) - just like the thread creator was referring to.

Other browsers like Chrome and Firefox have no problem, just Safari.
Comment 15 youenn fablet 2018-04-05 11:02:46 PDT
(In reply to kenma from comment #14)
> Isn't that what the original thread creator was referring to? Anyway, here's a
> sample from JotForm (https://www.jotform.com/80945014172957). They have
> widgets, and widgets are served from a different domain. That widget accesses
> the microphone to make a recording. On Safari 11 when you record, check the
> console; it will log about "Trying to call getUserMedia from a document with
> a different security origin than its top-level frame." and when you load
> this on STP the error is "SecurityError: The operation is insecure."
> 
> This started happening when the WebKit policy on iframes was applied
> (https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes)
> - just like the thread creator was referring to.
> 
> Other browsers like Chrome and Firefox have no problem, just Safari.

STP52 and latest WebKit nightlies should have it.
STP53 has a temporary issue that basically disabled getUserMedia.

Testing locally, getUserMedia part of jotform is working fine.
Comment 16 kenma 2018-04-05 11:08:59 PDT
Okay, thanks, that's great to hear. I'm actually unsure how often you update it for stable releases, but when exactly can we expect the fixes to be shipped to the latest stable build? Not all users use STP, though. Anyway, appreciate the effort, guys. Was really trying to figure it out as well until I stumbled upon this thread. Hoping it will be live soon.