I have given allow permission for Microphone in my domain. We are using our domain in multiple tabs. I am able to acquire local media (Microphone) when I am accessing in the same tab. But I am not able to acquire local media for WebRTC in the other tab(same domain) without visiting the tab .Only after visiting the tab localmedia access is acquired.
Is it intentionally done for Security & Privacy? . Is there any way to solve my problem ?
Reason: To restrict resources being used for WebRTC session. We are keeping WebRTC session in single tab for our domain and using only that resource for all the tabs to make calls.
Tried setting microphone-allow as iframe attribute . But it didnt solve the problem . It is working fine in GoogleChrome browser though. If I open a new tab(T1) and initiate webrtc in it and make webrtc call from another tab (T2)without ever visiting the tab T1 , call is connected in chrome but not in firefox unless i visit T1 .
Note : It is not asking permission for allowing microphone in the domain , it acquires it automatically . Just that it acquires only after i visit the tab .I have given microphone access permission to my domain already.
Is it intentionally done for Security & Privacy?
Yes, this is intentional to prevent background tabs from turning on the camera or mic willy nilly, to spy on users. Because that's creepy. I believe Safari works the same way.
The getUsermedia specification recently made this a requirement:
Step 6.1. "The User Agent MUST wait to proceed to the next step until the current settings object's responsible document is fully active and has focus."*
So I would expect Chrome to follow suit soon.
Is there any way to solve my problem ?
That would very much defeat the assurance.
Users can rest assured that only the currently focused tab can turn on the camera or microphone.
If I open a new tab(T1) and initiate webrtc in it and make webrtc call from another tab (T2)without ever visiting the tab T1 , call is connected in chrome but not in firefox unless i visit T1.
That's an RTCPeerConnection connection problem, which is separate from getUserMedia.
The workaround is to not block connection establishment on mic access.
There's no reason you can't connect first and add the mic later.
Or get mic ahead of time, and connect later. Basically, the two actions don't need to coincide or block each other.
Related
What I want to do
Make a simple socket connection to a server on the browser. I want to not send any header information with the socket connection.
The Problem
It looks like I am unable to make a socket connection with javascript that does not send header data (Is there a way to do a tcp connection to an IP with javascript?).
I thought maybe I could make a connection with a chrome extension, however it looks like the socket API is only available for chrome apps (Google Chrome Socket API in extensions).
I am thinking that I might need to make a native application that will make socket connections through requests made by the browser using Native Messaging.
Is there anyway I can achieve this or am I out of luck?
Raw socket connections through the browser are wrapped up in security concerns. Users can be easily manipulated to allow things to run that shouldn't.
TCP and UDP Socket API
W3C Editor's Draft 20 January 2016
is located here.
http://raw-sockets.sysapps.org/
Mozilla's API information here: https://developer.mozilla.org/en-US/docs/Archive/B2G_OS/API/TCPSocket "This API is available on Firefox OS for privileged or certified applications only."
If you work with raw TCP connections. I would suggest
(1) downloading PHP onto the local computer. PHP has a developer web host build in so you can run whatever application you want on PHP using the browser as your GUI.
(2) download node.js.
You are not out of luck you just need to achieve it with the understanding that you are working outside the box for normal browser based scripting created from security concerns, and that means the user/client needs to install something manually.
If you must use chrome browser on the client side, you will need to make an -extension- correction webapp. You can as a developer make one that you can use on your own computers.
https://developer.chrome.com/extensions/getstarted
https://developer.chrome.com/apps/first_app
Load the extension#
Extensions that you download from the Chrome Web
Store are packaged up as .crx files, which is great for distribution,
but not so great for development. Recognizing this, Chrome gives you a
quick way of loading up your working directory for testing. Let's do
that now.
Visit chrome://extensions in your browser (or open up the Chrome menu
by clicking the icon to the far right of the Omnibox: The menu's icon
is three horizontal bars. and select Extensions under the Tools menu
to get to the same place).
Ensure that the Developer mode checkbox in the top right-hand corner
is checked.
Click Load unpacked extension… to pop up a file-selection dialog.
Navigate to the directory in which your extension files live, and
select it.
Alternatively, you can drag and drop the directory where your
extension files live onto chrome://extensions in your browser to load
it.
If the extension is valid, it'll be loaded up and active right away!
If it's invalid, an error message will be displayed at the top of the
page. Correct the error, and try again.
This insures that non developers don't load an extension which does not comply with the normal security concerns.
Communicating between with the script on the web page to the extension.
Can be done with message passing ... https://developer.chrome.com/extensions/messaging
The extension can add content directly to the web page which is available to the script on the web page. If for example the extension replaced the web cam image with a static image when the webcam script reads what it believes is the webcam it gets the static image instead, which explains why I look like an alien from space on the webcam. Although I did not create an extension to do that, I merely modified an existing extension to replace the function that gets the webcam image with a function to get a static image.
You can use SignalR, it is javascript library (JQuery Plugin) and it enables you to open web sockets from the browser to a server. Please check the following links:
https://blog.3d-logic.com/2015/03/29/signalr-on-the-wire-an-informal-description-of-the-signalr-protocol/
http://blog.teamtreehouse.com/an-introduction-to-websockets
https://github.com/SignalR/SignalR
I'm writing a Chrome extension, it listens the chrome.windows.onRemoved.addListener and disconnects the user when chrome window is closed.
I want to execute script (chrome.tabs.executeScript) in the "chrome://settings-frame" page.
In this page i am going to manually disconnect user from Chrome.
(by running this code: chrome.send('SyncSetupStopSyncing', [deleteProfile]);)
Is this permission possible?
Thanks for any hints.
No, there is no permission that would allow you to access chrome:// URL scheme. This is an explicit safety mechanism against potentially malicious changes to Chrome settings.
You can get the access if you enable extensions-on-chrome-urls flag, but obviously you can't do that on machines you don't fully control.
Additionally, there is no API to manipulate users in Chrome.
I am testing the annyang library for the voice command.
Unfortunately I am facing a problem that it works but the browser (chrome) only allows the listening for about 5 secs, then it asks for me to allow/deny the mic again.
(the allow is not saving in the chrome/manage exceptions setting).
What should I do?
Thanks in advance.
You can experience this behavior on the annyang official site, if you remove the SSL protocol (which is the default):
http://www.talater.com/annyang/
The reason for this is that Chrome only saves audio permission preferences for sites running on SSL. Annyang appears to close the audio context after a period of time if it isn't being used (presumably a performance thing).
Your two options are to:
Add SSL to your site using the library
File a bug report, because it should only attempt to make a connection to the audio context once
I am working with a website having a chat functionality (think Facebook chat).
I'd like to play a notification tone when a new message arrives. However, the user may have multiple tabs opened and the message arrives to the multiple tabs, as the chat session is multiplexed across different browser tabs/windows.
How to determine
If a browser has many tabs (windows) open for the same website
When a new message arrives which of the tab(s) should play a sound effect
I am aware of the Notifications API, but I'd like to solve this problem in backwards-compatible manner. Also if there are any related JavaScript libraries I would like to know about them.
You can use localStorage for such purposes. Data in localStorage is shared between all windows (tabs or iframes) with the same origin. It also can notify your application about changes in localStorage.
See IWC library. I think it will help with your tasks.
I want to create an smartphone in web browsers, and I've done a good job till now. However, when I call, Google Chrome shows this message:
'http://domain' the wants to use your microphone.
See this picture:
And this is a picture of my web-based smartphone:
However, when I call, user should click Allow in the Chrome's message bar. Is there any way that I ask the browser to save microphone settings for the current user, so that each time user is not asked for permission?
You need to serve your page over https. When using https, Chrome will remember the user's choice and will not ask again.
Then if the user wants to block the microphone again, they can click on the camera icon in the URL bar.
If you go to Chrome's Settings => Advanced => Content Settings => Media section, you see that there are only two options that you can choose:
To be asked EACH TIME a page wants to access your microphone or camera
To disable media altogether
Thus there seems to be no option for that. It might sound logical, as you don't want hackers starting your camera and capturing your private life without permission. ;)