[MM-55054] Consider a matching origin for a media request as a trusted URL when checking permissions (#2893)

src/main/permissionsManager.test.js

@@ -65,7 +65,7 @@ describe('main/PermissionsManager', () => {
                 return null;
             }
         });
-        isTrustedURL.mockImplementation((url, baseURL) => baseURL.toString().startsWith(url.toString()));
+        isTrustedURL.mockImplementation((url, baseURL) => url.toString().startsWith(baseURL.toString()));
     });
 
     afterEach(() => {
@@ -188,4 +188,20 @@ describe('main/PermissionsManager', () => {
         ]);
         expect(dialog.showMessageBox).toHaveBeenCalledTimes(1);
     });
+
+    it('should still pop dialog for media requests from the servers origin', async () => {
+        ViewManager.getViewByWebContentsId.mockImplementation((id) => {
+            if (id === 2) {
+                return {view: {server: {url: new URL('http://anyurl.com/subpath')}}};
+            }
+
+            return null;
+        });
+        const permissionsManager = new PermissionsManager('anyfile.json');
+        permissionsManager.writeToFile = jest.fn();
+        const cb = jest.fn();
+        dialog.showMessageBox.mockReturnValue(Promise.resolve({response: 0}));
+        await permissionsManager.handlePermissionRequest({id: 2}, 'media', cb, {securityOrigin: 'http://anyurl.com'});
+        expect(dialog.showMessageBox).toHaveBeenCalled();
+    });
 });

src/main/permissionsManager.ts

@@ -106,7 +106,7 @@ export class PermissionsManager extends JsonFileManager<Permissions> {
         }
 
         // is the requesting url trusted?
-        if (!isTrustedURL(parsedURL, serverURL)) {
+        if (!(isTrustedURL(parsedURL, serverURL) || (permission === 'media' && parsedURL.origin === serverURL.origin))) {
             return false;
         }