Removal of mediaDevices.getUserMedia from insecure origins

A previous commit removed support for webkitGetUserMedia from insecure origins. This removes support from the still-behind-a-flag, promise based mediaDevices.getUserMedia from insecure origins as well. BUG=520765 Review URL: https://codereview.chromium.org/1311473003 git-svn-id: svn://svn.chromium.org/blink/trunk@201012 bbb929c8-8fbe-4397-9dbb-9b2b20218538

Removal of mediaDevices.getUserMedia from insecure origins
A previous commit removed support for webkitGetUserMedia from insecure origins. This removes support from the still-behind-a-flag, promise based mediaDevices.getUserMedia from insecure origins as well. BUG=520765 Review URL: https://codereview.chromium.org/1311473003 git-svn-id: svn://svn.chromium.org/blink/trunk@201012 bbb929c8-8fbe-4397-9dbb-9b2b20218538
dac67a13 · jww@chromium.org · ba95ad0d · dac67a13 · dac67a13 · dac67a13
Commit dac67a13 authored Aug 21, 2015 by jww@chromium.org
3 changed files
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin-expected.txt
@@ -11,6 +11,7 @@ PASS fullscreen
 PASS device motion 
 PASS device orientation 
 PASS requestMediaKeySystemAccess 
-PASS getUserMedia 
+PASS navigator.webkitGetUserMedia 
+PASS navigator.mediaDevices.getUserMedia 
 Harness: the test ran to completion.
--- a/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
+++ b/third_party/WebKit/LayoutTests/http/tests/security/powerfulFeatureRestrictions/old-powerful-features-on-insecure-origin.html
@@ -89,7 +89,7 @@ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
            this.done();
        }));
    }, 'device orientation');
    promise_test(function(test) {
        return navigator.requestMediaKeySystemAccess('org.w3.clearkey', [{}]);
    }, 'requestMediaKeySystemAccess');
@@ -97,9 +97,18 @@ if (window.location.origin != get_host_info().UNAUTHENTICATED_ORIGIN) {
    // Tests for APIs that have been turned off on insecure origins
    async_test(function() {
        navigator.webkitGetUserMedia({ audio: true, video: true },
-            this.unreached_func('getUserMedia should call the error callback, but called the success callback instead.'),
+            this.unreached_func('navigator.webkitGetUserMedia should call the error callback, but called the success callback instead.'),
            this.step_func_done());
-    }, 'getUserMedia');
+    }, 'navigator.webkitGetUserMedia');
+    promise_test(function(test) {
+        return navigator.mediaDevices.getUserMedia({audio: true, video: true}).then(
+            test.unreached_func("navigator.mediaDevices.getUserMedia should reject the promise, but resolved instead."),
+            function(error) {
+                assert_equals(error.name, "NotSupportedError");
+                assert_equals(error.message, "Only secure origins are allowed (see: https://goo.gl/Y0ZkNV).");
+            });
+    }, 'navigator.mediaDevices.getUserMedia');
 }
 </script>
 </body>

--- a/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp
+++ b/third_party/WebKit/Source/modules/mediastream/MediaDevices.cpp
@@ -105,6 +105,11 @@ ScriptPromise MediaDevices::getUserMedia(ScriptState* scriptState, const MediaSt
        return exceptionState.reject(scriptState);
    }
+    String errorMessage;
+    if (!document->isPrivilegedContext(errorMessage)) {
+        return ScriptPromise::rejectWithDOMException(scriptState, DOMException::create(NotSupportedError, errorMessage));
+    }
    request->start();
    return resolver->promise();
 }