Skip to content

fix: prevent Chrome mobile permission prompts on embedded chat widget#35374

Open
DanKunleLove wants to merge 1 commit intolanggenius:mainfrom
DanKunleLove:fix/widget-chrome-mobile-permissions
Open

fix: prevent Chrome mobile permission prompts on embedded chat widget#35374
DanKunleLove wants to merge 1 commit intolanggenius:mainfrom
DanKunleLove:fix/widget-chrome-mobile-permissions

Conversation

@DanKunleLove
Copy link
Copy Markdown

@DanKunleLove DanKunleLove commented Apr 17, 2026

Summary

Fixes #35330 — the embedded chatbot bubble widget triggers Chrome mobile permission prompts ("access to apps and services") instead of rendering, because the iframe unconditionally requests microphone permission.

Root cause

web/public/embed.js line 159:

iframe.allow = "fullscreen;microphone";

On Chrome mobile, requesting microphone in the iframe allow attribute triggers a browser permission prompt even when the chat doesn't use audio input. This blocks the widget from rendering until the user grants permission.

Changes

  • Make microphone permission opt-in via enableMicrophone config flag in difyChatbotConfig (defaults to false)
  • Fix allow attribute syntax — use space-separated format per the Permissions Policy spec ("fullscreen; microphone" not "fullscreen;microphone")
  • Update iframe embed example in the sharing modal to only request fullscreen by default
  • Update both embed.js and embed.min.js

Usage

Users who need microphone access (e.g., for voice input) can opt in:

window.difyChatbotConfig = {
  token: 'your-token',
  enableMicrophone: true
}

Test plan

  • Embed chat widget on a test page without enableMicrophone — verify no permission prompt on Chrome mobile
  • Embed chat widget with enableMicrophone: true — verify microphone permission works when needed
  • Verify widget renders correctly on desktop browsers (Chrome, Firefox, Safari)
  • Verify existing chat functionality is unaffected (text input, responses)

Fixes #35330

@DanKunleLove
fix: prevent Chrome mobile permission prompts on embedded chat widget
b651744 
The embedded chatbot iframe unconditionally requested `microphone`
permission via `iframe.allow = "fullscreen;microphone"`, which triggers
Chrome mobile to show a permission prompt before rendering the widget —
even when the chat app doesn't use audio input.

Changes:
- Make `microphone` permission opt-in via `enableMicrophone` config flag
  in difyChatbotConfig (defaults to off)
- Fix `allow` attribute syntax to use proper space-separated format
  per the Permissions Policy spec (`"fullscreen; microphone"`)
- Update iframe embed example to only request `fullscreen` by default
- Update both embed.js and embed.min.js

Users who need microphone access can enable it:
```js
window.difyChatbotConfig = {
  token: 'your-token',
  enableMicrophone: true
}
```

Fixes langgenius#35330
@dosubot dosubot bot added the size:S This PR changes 10-29 lines, ignoring generated files. label Apr 17, 2026
@github-actions github-actions bot added the web This relates to changes on the web. label Apr 17, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@JzoNgKVO JzoNgKVO Awaiting requested review from JzoNgKVO JzoNgKVO is a code owner

@iamjoel iamjoel Awaiting requested review from iamjoel iamjoel is a code owner

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

size:S This PR changes 10-29 lines, ignoring generated files. web This relates to changes on the web.

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

Widget asking permission on chrome device

1 participant

@DanKunleLove