mirror of
https://github.com/electron/electron.git
synced 2026-05-02 03:00:22 -04:00
be53e0a470
WebContentsPermissionHelper::CheckPermission was hardcoding GetPrimaryMainFrame() and deriving the requesting origin from web_contents_->GetLastCommittedURL(), so the setPermissionCheckHandler callback always received the top frame's origin and details.isMainFrame/details.requestingUrl always reflected the main frame, even when a cross-origin subframe with allow="serial" or allow="camera; microphone" triggered the check. Thread the requesting RenderFrameHost through CheckPermission, CheckSerialAccessPermission, and CheckMediaAccessPermission so the permission manager receives the real requesting frame. Update the serial delegate and WebContents::CheckMediaAccessPermission callers to pass the frame they already have. Adds a regression test that loads a cross-origin iframe with allow="camera; microphone", calls enumerateDevices() from within the iframe, and asserts the permission check handler receives the iframe origin for requestingOrigin, isMainFrame, and requestingUrl. Co-authored-by: trop[bot] <37223003+trop[bot]@users.noreply.github.com> Co-authored-by: Sam Attard <sattard@anthropic.com>