Re: [mediacapture-main] getUserMedia "hanging" indefinitely (#846) from Jan-Ivar Bruaroey via GitHub on 2022-01-06 (public-webrtc-logs@w3.org from January 2022)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Thu, 06 Jan 2022 18:22:40 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issue_comment.created-1006813902-1641493359-sysbot+gh@w3.org>

> It is arguable that the Promise resolving after a week might be undesirable.

But is it arguable that the Promise resolving after a week is never desirable? That's what imposing a deadline in the spec would mean. Seems like UA territory to me that we should allow but not standardize (not a web compat issue).

> But we could move 6.3.7 up, or clone this step just after step 6.1.

The user might have multiple background tabs with pending gUM and this would reject all of them at the exact same time, which could be time-correlated in an exploit to track the user across origins.

Not rejecting a promise isn't "hanging", it's more like not firing an event or never calling a callback, which seems fine.

> I also wonder what your thoughts with step 6.5.2 are.

If after weeks of vacation I activate a tab that had an unanswered permission prompt before I left, I think I'd expect to find it as I left it. Seems harmless (call this situation A).

If after weeks of vacation I activate a tab and it immediately turns on camera or microphone, because I've trusted the page with persistent camera or mic permission, that might be surprising (situation B).

But B isn't a security issue, since a malicious site with such permission could already request gUM on [visibilitychange](https://html.spec.whatwg.org/multipage/indices.html#event-visibilitychange). So the remaining question seems to be how to protect users from accidental privacy invasion by well-meaning apps inadvertently inferring user intent to start capture at that time.

Situation A seems easy for a user to get into (tabbing away without answering a prompt), but B seems a bit harder. The site would basically have to request gUM while in the background (without a user trigger), or the user tabbed away in the sometimes >1 second time window between gUM call and success.

> My understanding is that UAs can deny the request on behalf of the user after some time.
In that case, when page gets back focus, the UA does as if user denied the prompt.

This matches my understanding, and seems sufficient, so I suggest we close this.

-- 
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/846#issuecomment-1006813902 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Thursday, 6 January 2022 18:22:43 UTC