Removal of getUserMedia() on insecure origins

This disallows getUserMedia() from being used on insecure origins. Adds
a console warning message that the API call has failed because of this.

BUG=520765

Review URL: https://codereview.chromium.org/1284193003

git-svn-id: svn://svn.chromium.org/blink/trunk@200986 bbb929c8-8fbe-4397-9dbb-9b2b20218538

third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/getUserMedia-on-insecure-origin.html

-<!DOCTYPE html>
-<title>getUserMedia On An Insecure Origin</title>
-<script src="/resources/testharness.js"></script>
-<script src="/resources/testharnessreport.js"></script>
-<script src="/resources/get-host-info.js"></script>
-<script>
-if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
-    window.location = get_host_info().UNAUTHENTICATED_ORIGIN + window.location.pathname;
-} else {
-    if (window.testRunner)
-        testRunner.overridePreference("WebKitStrictPowerfulFeatureRestrictions", true);
-
-    test(function () {
-        assert_throws(
-            "SecurityError",
-            function() {
-                navigator.webkitGetUserMedia(
-                    { video:true },
-                    function() { assert_unreached("Success callback should not be called."); },
-                    function() { assert_unreached("Error callback should not be called."); });
-            });
-    }, 'getUserMedia');
-}
-</script>

third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt

 CONSOLE WARNING: getCurrentPosition() and watchPosition() are deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: requestFullscreen() is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
-CONSOLE WARNING: getUserMedia() is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: The devicemotion event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: The deviceorientation event is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
+CONSOLE WARNING: getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 CONSOLE WARNING: requestMediaKeySystemAccess() is deprecated on insecure origins in the specification. Support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.
 This is a testharness.js-based test.
 PASS getCurrentPosition 
 PASS watchPosition 
 PASS fullscreen 
-PASS getUserMedia 
 PASS device motion 
 PASS device orientation 
 PASS requestMediaKeySystemAccess 
+PASS getUserMedia 
 Harness: the test ran to completion.
 

third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html

@@ -27,6 +27,8 @@ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
                                      mockLongitude,
                                      mockAccuracy);
 
+    // Tests for APIs that are deprecated, but still allowed, on
+    // insecure origins
     async_test(function() {
         navigator.geolocation.getCurrentPosition(
             this.step_func(function() {
@@ -69,17 +71,6 @@ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
         document.removeEventListener("click", request);
     }, 'fullscreen');
 
-    async_test(function() {
-        navigator.webkitGetUserMedia({ audio: true, video: true },
-                this.step_func(function() {
-                    this.done();
-                }),
-                this.step_func(function() {
-                    assert_unreached('getUserMedia should succeed, but failed.');
-                    this.done();
-                }));
-    }, 'getUserMedia');
-
     async_test(function() {
         testRunner.setMockDeviceMotion(true, 0, true, 0, true, 0,
                                        true, 0, true, 0, true, 0,
@@ -102,6 +93,13 @@ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
     promise_test(function(test) {
         return navigator.requestMediaKeySystemAccess('org.w3.clearkey', [{}]);
     }, 'requestMediaKeySystemAccess');
+
+    // Tests for APIs that have been turned off on insecure origins
+    async_test(function() {
+        navigator.webkitGetUserMedia({ audio: true, video: true },
+            this.unreached_func('getUserMedia should call the error callback, but called the success callback instead.'),
+            this.step_func_done());
+    }, 'getUserMedia');
 }
 </script>
 </body>

third_party/WebKit/Source/core/frame/UseCounter.cpp

@@ -887,7 +887,7 @@ String UseCounter::deprecationMessage(Feature feature)
         return "getCurrentPosition() and watchPosition() are deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
 
     case GetUserMediaInsecureOrigin:
-        return "getUserMedia() is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
+        return "getUserMedia() no longer works on insecure origins. To use this feature, you should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";
 
     case FullscreenInsecureOrigin:
         return "requestFullscreen() is deprecated on insecure origins, and support will be removed in the future. You should consider switching your application to a secure origin, such as HTTPS. See https://goo.gl/rStTGz for more details.";

third_party/WebKit/Source/modules/mediastream/NavigatorMediaStream.cpp

@@ -62,21 +62,19 @@ void NavigatorMediaStream::webkitGetUserMedia(Navigator& navigator, const MediaS
         return;
     }
 
+    UserMediaRequest* request = UserMediaRequest::create(navigator.frame()->document(), userMedia, options, successCallback, errorCallback, exceptionState);
+    if (!request) {
+        ASSERT(exceptionState.hadException());
+        return;
+    }
+
     String errorMessage;
     if (navigator.frame()->document()->isPrivilegedContext(errorMessage)) {
         UseCounter::count(navigator.frame(), UseCounter::GetUserMediaSecureOrigin);
     } else {
         UseCounter::countDeprecation(navigator.frame(), UseCounter::GetUserMediaInsecureOrigin);
         OriginsUsingFeatures::countAnyWorld(*navigator.frame()->document(), OriginsUsingFeatures::Feature::GetUserMediaInsecureOrigin);
-        if (navigator.frame()->settings()->strictPowerfulFeatureRestrictions()) {
-            exceptionState.throwSecurityError(ExceptionMessages::failedToExecute("webkitGetUserMedia", "Navigator", errorMessage));
-            return;
-        }
-    }
-
-    UserMediaRequest* request = UserMediaRequest::create(navigator.frame()->document(), userMedia, options, successCallback, errorCallback, exceptionState);
-    if (!request) {
-        ASSERT(exceptionState.hadException());
+        request->failPermissionDenied(errorMessage);
         return;
     }