Removal of mediaDevices.getUserMedia from insecure origins
A previous commit removed support for webkitGetUserMedia from insecure
origins. This removes support from the still-behind-a-flag, promise
based mediaDevices.getUserMedia from insecure origins as well.
BUG=520765
Review URL: https://codereview.chromium.org/1311473003
git-svn-id: svn://svn.chromium.org/blink/trunk@201012 bbb929c8-8fbe-4397-9dbb-9b2b20218538
diff --git a/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt b/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
index fca7cbf..2df5a9a6 100644
--- a/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
+++ b/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
@@ -11,6 +11,7 @@
PASS device motion
PASS device orientation
PASS requestMediaKeySystemAccess
-PASS getUserMedia
+PASS navigator.webkitGetUserMedia
+PASS navigator.mediaDevices.getUserMedia
Harness: the test ran to completion.
diff --git a/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html b/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
index b576eb6..a37c622 100644
--- a/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
+++ b/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
@@ -89,7 +89,7 @@
this.done();
}));
}, 'device orientation');
-
+
promise_test(function(test) {
return navigator.requestMediaKeySystemAccess('org.w3.clearkey', [{}]);
}, 'requestMediaKeySystemAccess');
@@ -97,9 +97,18 @@
// Tests for APIs that have been turned off on insecure origins
async_test(function() {
navigator.webkitGetUserMedia({ audio: true, video: true },
- this.unreached_func('getUserMedia should call the error callback, but called the success callback instead.'),
+ this.unreached_func('navigator.webkitGetUserMedia should call the error callback, but called the success callback instead.'),
this.step_func_done());
- }, 'getUserMedia');
+ }, 'navigator.webkitGetUserMedia');
+
+ promise_test(function(test) {
+ return navigator.mediaDevices.getUserMedia({audio: true, video: true}).then(
+ test.unreached_func("navigator.mediaDevices.getUserMedia should reject the promise, but resolved instead."),
+ function(error) {
+ assert_equals(error.name, "NotSupportedError");
+ assert_equals(error.message, "Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).");
+ });
+ }, 'navigator.mediaDevices.getUserMedia');
}
</script>
</body>
diff --git a/Source/modules/mediastream/MediaDevices.cpp b/Source/modules/mediastream/MediaDevices.cpp
index 31510f1..9134a60 100644
--- a/Source/modules/mediastream/MediaDevices.cpp
+++ b/Source/modules/mediastream/MediaDevices.cpp
@@ -105,6 +105,11 @@
return exceptionState.reject(scriptState);
}
+ String errorMessage;
+ if (!document->isPrivilegedContext(errorMessage)) {
+ return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(NotSupportedError, errorMessage));
+ }
+
request->start();
return resolver->promise();
}