Bug 1335740 - getUserMedia() Add 2 prefs to control A) NotAllowedError in http (pref'd on), and B) [SecureContext] navigator.mediaDevices (pref'd off) r=bzbarsky,pehrsons

Differential Revision: https://phabricator.services.mozilla.com/D19549

--HG--
rename : testing/web-platform/meta/mediacapture-streams/historical.html.ini => testing/web-platform/meta/mediacapture-streams/historical.https.html.ini
rename : testing/web-platform/tests/mediacapture-streams/historical.html => testing/web-platform/tests/mediacapture-streams/historical.https.html
extra : moz-landing-system : lando

dom/base/Navigator.cpp

@@ -1516,11 +1516,13 @@ JSObject* Navigator::WrapObject(JSContext* cx,
 }
 
 /* static */
-bool Navigator::HasUserMediaSupport(JSContext* /* unused */,
+bool Navigator::HasUserMediaSupport(JSContext* cx, JSObject* obj) {
-                                    JSObject* /* unused */) {
+  // Make enabling peerconnection enable getUserMedia() as well.
-  // Make enabling peerconnection enable getUserMedia() as well
+  // Emulate [SecureContext] unless media.devices.insecure.enabled=true
-  return Preferences::GetBool("media.navigator.enabled", false) ||
+  return (StaticPrefs::media_navigator_enabled() ||
-         Preferences::GetBool("media.peerconnection.enabled", false);
+          StaticPrefs::media_peerconnection_enabled()) &&
+         (IsSecureContextOrObjectIsFromSecureContext(cx, obj) ||
+          StaticPrefs::media_devices_insecure_enabled());
 }
 
 /* static */

dom/media/MediaManager.cpp

@@ -2464,6 +2464,9 @@ RefPtr<MediaManager::StreamPromise> MediaManager::GetUserMedia(
   bool privileged =
       isChrome ||
       Preferences::GetBool("media.navigator.permission.disabled", false);
+  bool isSecure = aWindow->IsSecureContext();
+  // Note: isHTTPS is for legacy telemetry only! Use isSecure for security, as
+  // it handles things like https iframes in http pages correctly.
   bool isHTTPS = false;
   bool isHandlingUserInput = EventStateManager::IsHandlingUserInput();
   docURI->SchemeIs("https", &isHTTPS);
@@ -2518,8 +2521,9 @@ RefPtr<MediaManager::StreamPromise> MediaManager::GetUserMedia(
         __func__);
   }
 
-  // Disallow access to null principal pages.
+  // Disallow access to null principal pages and http pages (unless pref)
-  if (principal->GetIsNullPrincipal()) {
+  if (principal->GetIsNullPrincipal() ||
+      !(isSecure || StaticPrefs::media_getusermedia_insecure_enabled())) {
     return StreamPromise::CreateAndReject(
         MakeRefPtr<MediaMgrError>(MediaMgrError::Name::NotAllowedError),
         __func__);
@@ -2880,8 +2884,9 @@ RefPtr<MediaManager::StreamPromise> MediaManager::GetUserMedia(
       ->Then(
           GetCurrentThreadSerialEventTarget(), __func__,
           [self, windowID, c, windowListener, sourceListener, askPermission,
-           prefs, isHTTPS, isHandlingUserInput, callID, principalInfo, isChrome,
+           prefs, isSecure, isHandlingUserInput, callID, principalInfo,
-           devices, resistFingerprinting](const char* badConstraint) mutable {
+           isChrome, devices,
+           resistFingerprinting](const char* badConstraint) mutable {
             LOG("GetUserMedia: starting post enumeration promise2 success "
                 "callback!");
 
@@ -2971,7 +2976,7 @@ RefPtr<MediaManager::StreamPromise> MediaManager::GetUserMedia(
                                    callID.BeginReading());
             } else {
               auto req = MakeRefPtr<GetUserMediaRequest>(
-                  window, callID, c, isHTTPS, isHandlingUserInput);
+                  window, callID, c, isSecure, isHandlingUserInput);
               if (!Preferences::GetBool("media.navigator.permission.force") &&
                   array->Length() > 1) {
                 // there is at least 1 pending gUM request

modules/libpref/init/StaticPrefList.h

@@ -1349,7 +1349,47 @@ VARCACHE_PREF(
 
 #endif // ANDROID
 
-// WebRTC
+//---------------------------------------------------------------------------
+// MediaCapture prefs
+//---------------------------------------------------------------------------
+
+// Enables navigator.mediaDevices and getUserMedia() support. See also
+// media.peerconnection.enabled
+VARCACHE_PREF(
+              "media.navigator.enabled",
+              media_navigator_enabled,
+              bool, true
+              )
+
+// This pref turns off [SecureContext] on the navigator.mediaDevices object, for
+// more compatible legacy behavior.
+VARCACHE_PREF(
+              "media.devices.insecure.enabled",
+              media_devices_insecure_enabled,
+              bool, true
+              )
+
+// If the above pref is also enabled, this pref enabled getUserMedia() support
+// in http, bypassing the instant NotAllowedError you get otherwise.
+VARCACHE_PREF(
+              "media.getusermedia.insecure.enabled",
+              media_getusermedia_insecure_enabled,
+              bool, false
+              )
+
+//---------------------------------------------------------------------------
+// WebRTC prefs
+//---------------------------------------------------------------------------
+
+// Enables RTCPeerConnection support. Note that, when true, this pref enables
+// navigator.mediaDevices and getUserMedia() support as well.
+// See also media.navigator.enabled
+VARCACHE_PREF(
+              "media.peerconnection.enabled",
+              media_peerconnection_enabled,
+              bool, true
+              )
+
 #ifdef MOZ_WEBRTC
 #ifdef ANDROID
 

modules/libpref/init/all.js

@@ -427,7 +427,6 @@ pref("media.decoder-doctor.verbose", false);
 pref("media.decoder-doctor.new-issue-endpoint", "https://webcompat.com/issues/new");
 
 #ifdef MOZ_WEBRTC
-pref("media.navigator.enabled", true);
 pref("media.navigator.video.enabled", true);
 pref("media.navigator.video.default_fps",30);
 pref("media.navigator.video.use_remb", true);
@@ -452,7 +451,6 @@ pref("media.webrtc.debug.aec_dump_max_size", 4194304); // 4MB
 
 pref("media.navigator.video.default_width",0);  // adaptive default
 pref("media.navigator.video.default_height",0); // adaptive default
-pref("media.peerconnection.enabled", true);
 pref("media.peerconnection.video.enabled", true);
 pref("media.navigator.video.max_fs", 12288); // Enough for 2048x1536
 pref("media.navigator.video.max_fr", 60);

testing/web-platform/meta/mediacapture-streams/MediaDevices-SecureContext.html.ini

@@ -1,4 +0,0 @@
-[MediaDevices-SecureContext.html]
-  [MediaDevices and SecureContext]
-    expected: FAIL
-

testing/web-platform/meta/mediacapture-streams/__dir__.ini

@@ -1 +1 @@
-prefs: [media.navigator.permission.disabled:true, media.navigator.streams.fake:true, dom.security.featurePolicy.enabled:true, dom.security.featurePolicy.header.enabled:true, dom.security.featurePolicy.webidl.enabled:true]
+prefs: [media.navigator.permission.disabled:true, media.navigator.streams.fake:true, media.devices.insecure.enabled:false, dom.security.featurePolicy.enabled:true, dom.security.featurePolicy.header.enabled:true, dom.security.featurePolicy.webidl.enabled:true]

testing/web-platform/meta/mediacapture-streams/historical.https.html.ini

@@ -1,4 +1,4 @@
-[historical.html]
+[historical.https.html]
   [navigator.mozGetUserMedia should not exist]
     expected: FAIL