-
Notifications
You must be signed in to change notification settings - Fork 80
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Require explicit enabling of EME in nested contexts #364
Comments
w3c/webappsec-permissions-policy#40 is tracking this on the Feature Policy side. |
The issue above is resolved and EME is now included in the Feature Policy spec: https://wicg.github.io/feature-policy/#eme-feature. The name is currently |
The correct link is now https://github.com/WICG/feature-policy/blob/gh-pages/features.md#encrypted-media. Also, the name has been changed to |
FYI, Blink/Chrome will be deprecating on-by-default permissions in cross-origin iframes for several features, including EME, in Chrome 61. These features will need to be explicitly allowed in Chrome 63. See https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes for details. We'll post a PR for the relevant changes to the EME algorithms. (This will not officially be part of EME v1.0.) |
PR #432 |
Just an update: Chrome 64 is now the target for these changes to land. |
To clarify, this change does not affect permissions (consent). The change is that the |
Sorry to ask here but we ran into a bug related to this ticket with the Vimeo player. It started happening for Chrome 83 on Mac and Windows. For a cross-domain iframe embed with MSE and HDCP enabled playback is blocked while there is no external monitor connected. The video plays for a few seconds and the key status returns Are there any known changes made to make the cross-domain iframe embed with MSE and HDCP more secure? I did some searching but didn't come up with much. <iframe allow="encrypted-media; autoplay; fullscreen" src="https://..." frameborder="0"></iframe> I tried adding the |
@luwes, that sounds like a potential Chrome or Widevine issue. I would suggest you file on crbug.com and post the link here so interested parties can track it. @xhwang-chromium, can you confirm if this should be filed on crbug? |
thanks for the quick reply @joeyparrish, yes it might be a Chrome bug then. Hoping it's not :) Ok, I will report it on crbug.com. |
luwes: Please file a crbug and assign to xhwang@chromium.org and I'll help you find the owner. |
thanks @xhwang-chromium posted a bug report here, https://bugs.chromium.org/p/chromium/issues/detail?id=1087475 (not sure how I could assign anyone) |
Nested contexts/iframes should only be able to access EME if the embedding app explicitly enables it. The reasons are similar to other features that [will] have such limitations. Specifically, this helps mitigate many security and privacy concerns, especially where the top-level context is not complicit. This includes some of the concerns in #101.
Feature Policy appears to be the way forward for these purposes.
The default policies would be:
self
for top-level browsing context, andnull
for nested browsing contextnull
The changes to the EME spec itself would likely be similar to those proposed for Web MIDI. Basically, the promise returned by
requestMediaKeySystemAccess()
would be rejected withSecurityError
if EME is disabled.The text was updated successfully, but these errors were encountered: