I'm working on developing a chrome extension that adds the ability to users to stream videos from any website they want by using Agora SKD. What the extension supposed to do is showing the streaming video screen inside the opened tab. I'm using Agora library to stream the videos.
Agora library requests media permissions(camera and microphone) for the opened website; If the user was on w3schools.com website, then media permissions will be granted to w3schools.com website.
Granting media permission to every website I need to inject my javascript code in and start video streaming on is not something very wise, because those websites can run scripts in the future that will access user's camera and microphone. That's why I'm looking for a way to limit websites access to those permissions.
The first way I thought in to show the video stream inside the tab without granting w3schools website media permission is embedding the video stream code in another website owned by my chrome extension mywebsite.com, grant my website the media permission and display my website within w3schools.com. I tried to put my website mywebsite.com inside a frame within w3schools.com website and ask for permission from my website. This doesn't work cause Chrome grants the permission to w3schools.com website and passed the permission to the frame that running my website.
<!--Allow camera and microphone access within the context of this iframe-->
<iframe src="https://mywebsite.com" allow="camera;microphone"></iframe>
<!--Other content of w3schools.com goes here-->
I tried to also look for a way to grant w3schools.com website media permissions temporarily and revoke the permissions after the video streaming is over but I couldn't find any way to do that.
I didn't find any way to revoke/reset the permissions using JS.
I didn't find any way to revoke/reset the permissions using chrome extension api interface.
I didn't find anyway to temporarily grant the media permission to a tab(until it's closed or for a certain time).
I didn't find anyway to access chrome://settings/content/siteDetails?site=https%3A%2F%2Fwww.w3schools.com and change the website permission from there.
So my questions are:
How can I revoke the media permissions access for a website using chrome extensions?
Is there a way where I can load my website https://mywebsite.com within w3schools.com and request the media permissions to https://mywebsite.com instead of w3schools.com?
This is by no means a complete answer, but I did some research to help you out.
Permissions.revoke() is deprecated
Seems like there used to be Permissions.revoke() functionality, but it has been deprecated for some reason: https://developer.mozilla.org/en-US/docs/Web/API/Permissions/revoke
There is a community draft for relinquishing permissions
I bumped into this W3C Community Draft about Revoke API: https://wicg.github.io/permissions-revoke/
Extensions have permission pages
Seems like extensions have permission pages. For example, I went to my Chrome's extensions page a chose Google Keep Chrome Extension for this:
I copied the id extension ID lpcaedmchfhocbbapmcbpinfpgnhiddi and made the following URL out of it:
chrome://settings/content/siteDetails?site=chrome-extension://lpcaedmchfhocbbapmcbpinfpgnhiddi
And this brought me to the following page:
I don't know if there is any use for this, but I thought it was interesting.
Exploiting chrome://settings/content/siteDetails reset-button functionality
I (also) tried to figure out what does Chrome's website permissions page do in order to revoke the permissions, but couldn't find an answer. I've actually tried to do something similar before and speaking from experience, something like this will most likely not work, e.g. Chrome has this stuff figured out and does not allow calling certain "system functions" from any page - that would make no sense.
The iframe idea won't work
Iframe's allow-attribute only delegates permissions from the parent page.
Your options
As far as I can tell right now, I believe your options are to either ignore the issue, find a way to disable Agora needing those permissions (if you only need to stream videos from websites, where do you need microphone or webcam anyway?), or replace Agora with something else - by utilizing the Media Streams API, this should be relatively simple.
Related
I'm creating a browser using Electron. And it opens websites using webview.
<webview id="View" useragent="..." src="https://example.com/" plugins="" preload="file/dir/webview.js" webpreferences="..." enableremotemodule="false" allowpopups=""></webview>
Now I've got a question, how can I detect when a website is trying to request access to something using JS/Node?
The explanation of my question:
Every website in chrome has its own settings, and they can be access by clicking Site settings in the page info window (look up in the picture) or by going to chrome://settings/content/siteDetails.
And the website settings include whether it can or can't access the user location, use the microphone, use JavaScript, Senf Notifications, etc.
How can I control those settings of websites in electron?
And how can I detect when a website is trying to gain access to one of those permissions? (just like how Wexond does, Wexond is a browser that is built using Electron)
I am trying to make a chrome extension where I need access to the webcam feed once the user has allowed permission and has toggled on button in the extension popup. The feed should (and the extension) should keep running persistently until the user has stopped the feed via the control in the popup or has exited chrome.
Unfortunately, there's not sufficient information as to how to do this, let alone access webcam from the extension. I did read the related answer where its mentioned to use content scripts but there's no example code for it. (And no documentation as well).
Also, unfortunately I don't have enough working code to give insight of my progress.
Due to GDPR law, it seems we need user consent for even Youtube embeded videos on our website also similar to what we have to do for Google Analytics.
I have been searching through but could find a ways to much help on net or plugin which can get user consent for youTube videos.
We can use www.youtube-nocookie.com to embed videos which is not setting http cookies. Instead the alternative domain is setting persistent "super cookies" in the browsers HTML Locale Storage which also requires consent.
I came across one website which required user consent before playing youtube video but i am not sure how they are doing it.
https://edps.europa.eu/press-publications/press-news/videos/cnn-regulators-probe-facebook-over-data-privacy-giovanni_en
another example which shows a way around is below, but this doesn't show a working example
https://cybot.uservoice.com/knowledgebase/articles/614733-iframe-cookie-consent-with-youtube-example
I am talking about this notification:
Somehow SoundCloud (the website) makes this notification appear and it has working controls. I do not have the app installed, that notification originates from com.android.chrome. I don't really need to know this to reproduce it, but I'm curious as to how it accomplishes this and perhaps in what other ways you can use it.
This is accomplished with Chrome Media Notifications. https://developers.google.com/web/updates/2015/07/media-notifications
To get the playback controls, and other information on the notification, you can customise them by providing meta data with the Media Session API. https://developers.google.com/web/updates/2017/02/media-session
When Android is programmed, it gets certain features that allow it to communicate with web hosts and websites. The website will have to be built a certain way that allows it to be communicative, but that seems to be what's happening in this situation.
I have made an application to record a video by following this steps : https://github.com/muaz-khan/RecordRTC,
I want access to allow the camera always 'allow',
i've tried bypass the allow permission in popup allow webcam use start chrome --use--fake-ui--for--media-stream and it's work for me, but when i closed my chrome and then i opened chrome again , the popup permission allow webcam still showing,
what's the solution?
If you serve your application from an https domain, Chrome will remember the user's answer to the permissions dialog after the first use, so if they use it once, permission is granted (they click "allow"), the next time they use it, permission will be granted automatically and they won't be shown the pop up again.