Screen Capture API request broken inside an iframe

[tom2bec]

Look like Screen Capture API permission check ☝️ is now mandatory since : Chrome 94, FireFox 92 and Safari when your app is embedded inside an iframe ...

General documentation about this subject, doesn't seem to be up to date as it's not really considered anymore like an experimental feature by last browsers updates 😄

Could you consider to add parameter allow=display-capture on the iframe declaration containing third part apps inside Zendesk support ?

[sostopher]

Hi Tom,

Thanks for opening this issue. On this, we are not planning to support this parameter until it's released and in production (as per our Security team). Currently, MDN has display-capture as experimental and not recommended for production use: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy/display-capture

Once this changes and browsers support it (and it's no longer an experiment) we see no reason not to implement this permission.

Chris

[tom2bec]

Hey Chris,

Thanks for the quick feedback. Definitely understand that this permission is still tagged as experimental by MDN, but microphone and camera permissions are also in the same level.

Yet these two features policy are already integrated on Zendesk iframe permissions. Maybe I missed something but not sure to follow the logic ?

Note: According to MDN doc an item is no longer experimental when It is implemented in two or more major browsers : https://developer.mozilla.org/en-US/docs/MDN/Guidelines/Conventions_definitions#experimental

[tom2bec]

We've reported the point to MDN for update : mdn/browser-compat-data#12708