Add explicit permission check handler for media queries#2289
Add explicit permission check handler for media queries#2289IsmaelMartinez wants to merge 3 commits intomainfrom
Conversation
Teams' calling module may query navigator.permissions before starting a call. Without setPermissionCheckHandler, Electron can return an unexpected state, which could cause the calling component to fail during initialisation. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
✅ Changelog entry generated and committed to this PR: The file You can edit it directly in this PR if needed. |
Summary of ChangesHello, I'm Gemini Code Assist1! I'm currently reviewing this pull request and will post my feedback shortly. In the meantime, here's a summary to help you and other reviewers quickly get up to speed! This pull request introduces a fix for an issue where the Teams calling module could fail to initialize within the Electron application. The problem stemmed from Electron's default permission checks returning an unexpected state for media queries. By explicitly setting a permission check handler to always grant camera and microphone access, the PR ensures consistent permission reporting, allowing the Teams calling module to initialize correctly. Highlights
🧠 New Feature in Public Preview: You can now enable Memory to help Gemini Code Assist learn from your team's feedback. This makes future code reviews more consistent and personalized to your project's style. Click here to enable Memory in your admin console. Changelog
Using Gemini Code AssistThe full guide for Gemini Code Assist can be found on our documentation page, here are some quick tips. Invoking Gemini You can request assistance from Gemini at any point by creating a comment using either
Customization To customize Gemini Code Assist for GitHub experience, repository maintainers can create a configuration file and/or provide a custom code review style guide (such as PEP-8 for Python) by creating and adding files to a Limitations & Feedback Gemini Code Assist may make mistakes. Please leave feedback on any instances where its feedback is incorrect or counter productive. You can react with 👍 and 👎 on @gemini-code-assist comments. If you're interested in giving your feedback about your experience with Gemini Code Assist for Github and other Google products, sign up here. You can also get AI-powered code generation, chat, as well as code reviews directly in the IDE at no cost with the Gemini Code Assist IDE Extension. Footnotes
|
![gemini-code-assist[bot]](https://avatars.githubusercontent.com/in/956858?s=60&v=4){kind=small}
There was a problem hiding this comment.
Code Review
The pull request addresses an issue where Teams' calling module might fail due to unexpected states for media queries by explicitly setting a permission check handler to ensure navigator.permissions.query() reports 'granted' for camera and microphone. However, this introduces a significant security risk by explicitly granting all permission requests in the Electron session, bypassing critical security controls. The current implementation grants all permissions universally, which could lead to unintended security implications. Furthermore, the preload script contains a generic IPC bridge, a known security anti-pattern. A more targeted approach with granular permission checks, focusing only on necessary permissions, and removing the generic IPC bridge is recommended to improve the application's security posture and adhere to the principle of least privilege.
📦 PR Build Artifacts✅ Build successful! Download artifacts: 🐧 Linuxx86_64 (435.61 MB) - Contains: .deb, .rpm, .tar.gz, .AppImage arm64 (426.83 MB) - Contains: .deb, .rpm, .tar.gz, .AppImage armv7l (404.89 MB) - Contains: .deb, .rpm, .tar.gz, .AppImage 🍎 macOSx86_64 (125.29 MB) - Contains: .dmg 🪟 Windowsx86_64 (105.74 MB) - Contains: .exe installer 📝 Note: Snap packages (.snap) are built in a separate workflow 🕐 Last updated: 2026-03-03 11:51 UTC |
📦 PR Snap Build Artifacts✅ Snap builds successful! Download artifacts: 🐧 Linux Snap Packagesx86_64 (107.67 MB) arm64 (104.58 MB) armv7l (98.82 MB) 📝 Note: Other package formats (.deb, .rpm, .AppImage, .dmg, .exe) are built in the main workflow |
Restrict permission grants to known Teams origins instead of granting all permissions universally. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Teams' calling component crashes during _getInitialState because Electron does not grant media permissions by default. This adds permission handling at three layers: 1. setPermissionRequestHandler - grants camera/microphone/display-capture requests so Teams can access devices without a prompt dialog 2. setPermissionCheckHandler - returns true for trusted Teams origins so navigator.permissions.query() reports the correct state 3. Preload permissions.query() override - directly patches the renderer Permissions API to report 'granted' for media, covering Chromium version differences in how the native handler maps to the JS API Supersedes #2289. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
|
Superseded by #2331, which includes this change plus two additional permission-handling layers. |
1 participant
Summary
session.setPermissionCheckHandler(() => true)so thatnavigator.permissions.query()explicitly reports "granted" for camera/microphoneCloses #2221
Test plan
🤖 Generated with Claude Code