From 9faaa790640b41d52ffdffbca804fd6fbf3ace85 Mon Sep 17 00:00:00 2001
From: Devin Binnie <52460000+devinbinnie@users.noreply.github.com>
Date: Thu, 2 Nov 2023 12:21:58 -0400
Subject: [PATCH] [MM-55054] Consider a matching origin for a media request as a trusted URL when checking permissions (#2893)
---
 src/main/permissionsManager.test.js | 18 +++++++++++++++++-
 src/main/permissionsManager.ts | 2 +-
 2 files changed, 18 insertions(+), 2 deletions(-)
diff --git a/src/main/permissionsManager.test.js b/src/main/permissionsManager.test.js
index b94308cb..0130f697 100644
--- a/src/main/permissionsManager.test.js
+++ b/src/main/permissionsManager.test.js
@@ -65,7 +65,7 @@ describe('main/PermissionsManager', () => {
 return null;
 }
 });
- isTrustedURL.mockImplementation((url, baseURL) => baseURL.toString().startsWith(url.toString()));
+ isTrustedURL.mockImplementation((url, baseURL) => url.toString().startsWith(baseURL.toString()));
 });
 afterEach(() => {
@@ -188,4 +188,20 @@ describe('main/PermissionsManager', () => {
 ]);
 expect(dialog.showMessageBox).toHaveBeenCalledTimes(1);
 });
+
+ it('should still pop dialog for media requests from the servers origin', async () => {
+ ViewManager.getViewByWebContentsId.mockImplementation((id) => {
+ if (id === 2) {
+ return {view: {server: {url: new URL('http://anyurl.com/subpath')}}};
+ }
+
+ return null;
+ });
+ const permissionsManager = new PermissionsManager('anyfile.json');
+ permissionsManager.writeToFile = jest.fn();
+ const cb = jest.fn();
+ dialog.showMessageBox.mockReturnValue(Promise.resolve({response: 0}));
+ await permissionsManager.handlePermissionRequest({id: 2}, 'media', cb, {securityOrigin: 'http://anyurl.com'});
+ expect(dialog.showMessageBox).toHaveBeenCalled();
+ });
 });
diff --git a/src/main/permissionsManager.ts b/src/main/permissionsManager.ts
index 672421be..2d1b4967 100644
--- a/src/main/permissionsManager.ts
+++ b/src/main/permissionsManager.ts
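Review bot: In permissionsManager.test.js, the new media test only exercises the accepting side of the relaxed rule, a server at `http://anyurl.com/subpath` with `securityOrigin: 'http://anyurl.com'`. Because the commit loosens a trust check, a companion case with a different origin (constructed example: `{securityOrigin: 'http://otherurl.com'}`) that asserts `expect(dialog.showMessageBox).not.toHaveBeenCalled()` would pin the boundary. The test also creates `cb` but never asserts on it, so the decision handed back to the caller is unchecked; add an `expect(cb)...` assertion for the expected outcome. A non-media permission sent with the same bare-origin `securityOrigin` would make a useful second negative case, showing that the relaxation stays scoped to `'media'`.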
@@ -106,7 +106,7 @@ export class PermissionsManager extends JsonFileManager {
 }
 // is the requesting url trusted?
- if (!isTrustedURL(parsedURL, serverURL)) {
+ if (!(isTrustedURL(parsedURL, serverURL) || (permission === 'media' && parsedURL.origin === serverURL.origin))) {
 return false;
 }
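Review bot: The new condition relaxes the trust check to a bare origin comparison for `'media'` without saying why, so a later reader could widen it to other permissions or remove it as redundant. A comment above the `if` would help, e.g. `// media requests report only the security origin (no path), so a server hosted on a subpath cannot pass isTrustedURL; accept an exact origin match for media only`. That reading is inferred from the new test, so adjust it if the real reason differs. Separately, `URL.origin` serializes to the string `'null'` for schemes with opaque origins (`file:`, `data:`), so `parsedURL.origin === serverURL.origin` holds for any two such URLs; unless `serverURL` is already guaranteed to be http(s) elsewhere, add `&& serverURL.origin !== 'null'`. The enclosing method starts and ends outside this hunk, so how `parsedURL` is derived is not visible here.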