Bug
Resolution: Fixed
Minor
3.7.2, 3.8, 3.10
MOODLE_310_STABLE, MOODLE_37_STABLE, MOODLE_38_STABLE
MOODLE_38_STABLE, MOODLE_39_STABLE
MDL-66810-master
0
4.0 holding pattern 4, 4.0 holding pattern 5
Browser restrictions on iframe content prevent the device camera and microphone from being accessed, unless explicitly allowed via the allow attribute on the iframe.
Moodle's own RecordRTC icons on the Atto and TinyMCE toolbars will currently not work if shared within an external tool iframe. There are also 3rd party apps such as VoiceThread and Poodll recording which will not work if embedded using Moodle's external tool currently.
This is also related to https://tracker.moodle.org/browse/MDL-65613, which requests the addition of "autoplay" to the allow attributes.
The Chrome browser family added these restrictions last year (2018) and this document explains it a little.
https://dev.chromium.org/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes
It might be prudent to also add "geolocation" and possibly "midi" to the allow list since these are likely to also be required at some point.
It should be noted that allowing these items will still not enable them. The user's explicit permission will be requested before access to camera, microphone or geolocation is granted.
Following the item being allowed, a URL can be specified to restrict permission to that origin. If omitted, the allowed origin is that of the URL in the src attribute. In the case of mod_lti, the src attribute contains a local Moodle URL. Since we do not know the true origin (easily), typically a wildcard is used. So the resulting attribute looks like this:
allow="microphone *; camera *; geolocation *"
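
The allowlist behaviour described above can be checked with a small model. This is an added example, not code from Moodle or from this issue: a simplified JavaScript sketch of how an `allow` value resolves for a cross-origin tool, plus an audit helper listing features granted by wildcard. The URLs and function names are constructed for illustration.

```javascript
// Added example: a simplified model of how a browser reads an iframe `allow`
// attribute. It covers only the cases discussed above ('*', omitted allowlist,
// explicit origin) for a cross-origin embedded document.

// Constructed sample URLs (assumptions, not real Moodle or tool paths).
const IFRAME_SRC = 'https://moodle.example/local-launch-url';
const TOOL_DOC = 'https://tool.example/recorder';

function originOf(url) {
  try { return new URL(url).origin; } catch (e) { return null; }
}

// 'microphone *; camera https://a.example' -> { microphone: ['*'], camera: [...] }
function parseAllow(allowAttr) {
  const policy = {};
  for (const directive of allowAttr.split(';')) {
    const [feature, ...allowlist] = directive.trim().split(/\s+/);
    if (!feature) continue;
    // An omitted allowlist means 'src': the origin of the iframe's src URL.
    policy[feature] = allowlist.length ? allowlist : ["'src'"];
  }
  return policy;
}

// True if `feature` is delegated to the document at docUrl inside an iframe
// whose src attribute is srcUrl. Unlisted features are not delegated.
function isDelegated(policy, feature, srcUrl, docUrl) {
  const docOrigin = originOf(docUrl);
  if (!docOrigin) return false;
  return (policy[feature] || []).some((entry) => {
    if (entry === '*') return true;
    if (entry === "'none'") return false;
    if (entry === "'src'") return originOf(srcUrl) === docOrigin;
    return originOf(entry) === docOrigin; // explicit origin in the allowlist
  });
}

// Audit helper: features handed to every origin the frame may navigate to.
function wildcardFeatures(policy) {
  return Object.keys(policy).filter((f) => policy[f].includes('*'));
}

const bare = parseAllow('microphone; camera');
const wild = parseAllow('microphone *; camera *; geolocation *');
console.log('no allowlist :', isDelegated(bare, 'camera', IFRAME_SRC, TOOL_DOC));
console.log('wildcard     :', isDelegated(wild, 'camera', IFRAME_SRC, TOOL_DOC));
console.log('wildcard list:', wildcardFeatures(wild).join(', '));
```

With the allowlist omitted, the grant follows the local src origin and never reaches the tool, which is why the wildcard form is used; an explicit tool origin would be the narrower grant when that origin is known.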