Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[GH-3074] Fix issues with media permissions on Linux and Jitsi Meet in embedded mode on all platforms #3331

Open
wants to merge 1 commit into
base: master
Choose a base branch
from
Open

[GH-3074] Fix issues with media permissions on Linux and Jitsi Meet in embedded mode on all platforms #3331

wants to merge 1 commit into from
+32 −13

Conversation

j0794
Copy link

@j0794 j0794 commented Feb 13, 2025
edited by marianunez
Loading

Summary

  • Fixes persistence of microphone and camera access on Linux by checking the platform before calling systemPreferences.getMediaAccessStatus, which is only implemented on Windows and macOS (https://www.electronjs.org/docs/latest/api/system-preferences#systempreferencesgetmediaaccessstatusmediatype-windows-macos)
  • Allows an application to propagate the microphone and camera access setting for requests whose second-level domain matches the second-level domain of the server. For example, media permissions for the server mattermost.example.com will also propagate to Jitsi Meet jitsi.example.com in embedded mode, or any other service with the address *.example.com

Ticket Link

Fixes #3074
https://mattermost.atlassian.net/browse/MM-60965

Checklist

Device Information

This PR was tested on: Ubuntu 22.04

Release Note

NONE

@mattermost-build
Copy link
Contributor

Hello @j0794,

Thanks for your pull request! A Core Committer will review your pull request soon. For code contributions, you can learn more about the review process here.

Per the Mattermost Contribution Guide, we need to add you to the list of approved contributors for the Mattermost project.

Please help complete the Mattermost contribution license agreement?
Once you have signed the CLA, please comment with /check-cla and confirm that the CLA check is green.

This is a standard procedure for many open source projects.

Please let us know if you have any questions.

We are very happy to have you join our growing community! If you're not yet a member, please consider joining our Contributors community channel to meet other contributors and discuss new opportunities with the core team.

@marianunez marianunez added 2: Dev Review Requires review by a core committer 3: Security Review Review requested from Security Team labels Feb 13, 2025
devinbinnie
devinbinnie approved these changes Feb 18, 2025
View reviewed changes
Copy link
Member

@devinbinnie devinbinnie left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Code looks okay to me, will defer to @enzowritescode for security review.
Thanks @j0794!

@devinbinnie devinbinnie removed the 2: Dev Review Requires review by a core committer label Feb 18, 2025
@enzowritescode
Copy link
Contributor

enzowritescode commented Feb 21, 2025
edited
Loading

@j0794 can you break out the permissions.media stuff into a separate PR? That looks good to me.

The other code allows for any subdomain to be arbitrarily trusted. In MM-60965 I outlined the security requirements to ensure there wouldn't be any issues with subdomain takeovers. The security requirements that I outlined will definitely take some work, but we don't want to sacrifice on security here.

enzowritescode
enzowritescode requested changes Feb 24, 2025
View reviewed changes
src/main/permissionsManager.ts
@@ -159,6 +154,28 @@ export class PermissionsManager extends JsonFileManager<PermissionsByOrigin> {
return true;
}

const preparsedURL = parseURL(url);
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Does not meet ticket requirements

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@enzowritescode enzowritescode enzowritescode requested changes

@devinbinnie devinbinnie devinbinnie approved these changes

Requested changes must be addressed to merge this pull request.

Assignees
No one assigned
Labels
3: Security Review Review requested from Security Team Contributor release-note
Projects
None yet
Milestone
No milestone
6 participants
@j0794 @mattermost-build @enzowritescode @devinbinnie @marianunez @mm-cloud-bot