Contact emails
Eng: gar...@chromium.org, jamie...@chromium.org, domi...@chromium.org, mgi...@chromium.org
Spec
Explainer: https://github.com/jondahlke/system-keyboard-lock/blob/master/EXPLAINER.md
WICG Discourse: https://discourse.wicg.io/t/proposal-system-keyboard-lock-api/1594
Draft Spec: https://rawgit.com/garykac/system-keyboard-lock/master/index.html
Summary
While in fullscreen, this API allows the app to request to receive keys that are normally handled by the system or the browser (like Cmd/Alt-Tab or Esc). If granted, the user would be able to exit System Keyboard Lock (and fullscreen) by holding the Esc key for 2 seconds.
Motivation
Some web apps, like remote access apps and games, need access to system keys so that they can handle them in the way that the user expects:
In a fullscreen connection to a remote computer, the user expects system level keyboard shortcuts to work on the remote machine.
In games that are ported to, emulated on, or streamed to the web, the Esc key may be used to bring up a context menu or to escape from in-game UI. In these case, the user expects the key to be handled appropriately by the game.
Currently, apps address this problem (in Chrome) by using Chrome App APIs. However, the recent deprecation announcement means that we need equivalents in the open web.
Interoperability and Compatibility Risk
Low/Medium.
This feature is not currently available in any browser, so adding it will not break any existing content.
This feature is a recurring request from web developers (specifically makers of remote access and ssh apps) and users (most often by users of those applications). See related user bugs: 84332, 119881, 162504, 175724, 223118, 436670 and note that the ones marked "Fixed" are because of the (soon-to-be-deprecated) Chrome App APIs.
However, this feature does not appear to be a high priority for other browser vendors, so the risk is MEDIUM that they won't get around to implementing it. This feature was discussed at TPAC during the Web Platform meeting (present: Edge, FF, Yandex), and it was agreed that this was useful although concerns were raised about security (cf. fullscreen). See discussion at the end of https://www.w3.org/2016/09/23-webapps-minutes.html#item11
And finally, note that while this feature is important for the scenarios mentioned above, if it is missing it will not break the entire app, but will instead result in a degraded (but still functional) experience.
Ongoing technical constraints
None.
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Windows, Mac, Linux and ChromeOS.
As currently defined, this feature is a no-op on mobile platforms (although we're investigating what should happen when an external keyboard is connected to a mobile device).
OWP launch tracking bug
Link to entry on the feature dashboard
https://www.chromestatus.com/features/5642959835889664
Requesting approval to ship?
Not at this time.
Have you asked feedback about this from security/privacy folks, as was requested @TPAC?
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org
<mailto:blink-dev+unsubscribe@chromium.org>.
The explainer says "System keyboard lock is only available when the document is in fullscreen mode, and only from a secure origin". If there's little chance that this would ever work independent of Fullscreen, would it then make sense to do this as an option to requestFullscreen() instead? Maybe element.requestFullscreen({ allowKeyCodes: [27] })?
From https://github.com/jondahlke/system-keyboard-lock/blob/master/EXPLAINER.md#sample-user-experience-flow it looks like there are no new prompts, but just a change in the messaging for how to exit fullscreen. That doesn't seem possible if the request to get esc key events happens after the fullscreen request, which happens in the sample code.
requestSystemKeyboardLock();requestFullscreen();The fullscreen message would be be updated to "Hold ESC..." before it was shown.
requestFullscreen();...requestSystemKeyboardLock();The fullscreen message would initially be "Press ESC...", but would change to "Hold ESC..." once keyboard lock was called.
If the "Press" was still being displayed, then it would change to "Hold" and the display timer would be reset.
If the "Press" message had already been removed, then a new "Hold" message would appear (with timer).
We expect the common case to be where these 2 requests are made at roughly the same time (before any screen updates), so the user would only see the "Hold" message.
I'm happy there won't be a separate permission prompt! Still, can this API implemented if the request can fail?
Even if allowed to fail async by return a promise, it wouldn't be possible to wait for keyboard lock to be granted before requesting fullscreen, as by then there will be no user gesture.
How might one go about implementing an atomic "enter fullscreen with keyboard lock or do nothing" wrapper around these two APIs?
On naming, I wonder what the significance of "system" is? Fullscreen is also a device-global "resource", and is simply element.requestFullscreen(). In other words, navigator.requestKeyboardLock()?
It will be exciting to see where this goes, personally I could see it as quite useful in remoting to another browser a la BrowserStack and having the remote browser's shortcuts just work :)
On Wed, Jan 4, 2017 at 5:43 AM, Philip Jägenstedt <foo...@chromium.org> wrote:I'm happy there won't be a separate permission prompt! Still, can this API implemented if the request can fail?If the request for Keyboard Lock fails, the the user agent will simply not forward any of the special system keys to the web app. Everything else would be unaffected -- the app just won't see the extra keys.Even if allowed to fail async by return a promise, it wouldn't be possible to wait for keyboard lock to be granted before requesting fullscreen, as by then there will be no user gesture.True. This sounds like another problem with using "user gesture" as a stand in for "user intent". :-(How might one go about implementing an atomic "enter fullscreen with keyboard lock or do nothing" wrapper around these two APIs?This wasn't a use case that we designed for. We focused on gracefully degrading (you don't get the keys that you requested) and we didn't want to tie this to other APIs (so we can possibly separate it later).But, having said that...If we changed the keylock API to:boolean requestKeyboardLock(...);then we could use:if (requestKeyboardLock(...)) {requestFullscreen();}But if we made keylock return a Promise:Promise<void> requestKeyboardLock(...);then I don't think it's possible to have an atomic fullscreen/keylock because of (as you mention) fullscreen's user gesture requirement
On Thu, 12 Jan 2017 at 12:38 'Gary Kačmarčík (Кошмарчик)' via blink-dev <blin...@chromium.org> wrote:
How might one go about implementing an atomic "enter fullscreen with keyboard lock or do nothing" wrapper around these two APIs?
[...]
But if we made keylock return a Promise:Promise<void> requestKeyboardLock(...);then I don't think it's possible to have an atomic fullscreen/keylock because of (as you mention) fullscreen's user gesture requirement
I believe the user gesture status is propagated through promises as long as they resolve within a short time. For instance, if you call setTimeout from a user gesture context, the resulting function will still be able to do things that require a user gesture as long as the timeout is small (<1000ms?), but not if the timeout is longer.
On Thu, 12 Jan 2017 at 12:38 'Gary Kačmarčík (Кошмарчик)' via blink-dev <blin...@chromium.org> wrote:On Wed, Jan 4, 2017 at 5:43 AM, Philip Jägenstedt <foo...@chromium.org> wrote:I'm happy there won't be a separate permission prompt! Still, can this API implemented if the request can fail?If the request for Keyboard Lock fails, the the user agent will simply not forward any of the special system keys to the web app. Everything else would be unaffected -- the app just won't see the extra keys.Even if allowed to fail async by return a promise, it wouldn't be possible to wait for keyboard lock to be granted before requesting fullscreen, as by then there will be no user gesture.True. This sounds like another problem with using "user gesture" as a stand in for "user intent". :-(How might one go about implementing an atomic "enter fullscreen with keyboard lock or do nothing" wrapper around these two APIs?This wasn't a use case that we designed for. We focused on gracefully degrading (you don't get the keys that you requested) and we didn't want to tie this to other APIs (so we can possibly separate it later).But, having said that...If we changed the keylock API to:boolean requestKeyboardLock(...);then we could use:if (requestKeyboardLock(...)) {requestFullscreen();}But if we made keylock return a Promise:Promise<void> requestKeyboardLock(...);then I don't think it's possible to have an atomic fullscreen/keylock because of (as you mention) fullscreen's user gesture requirementI believe the user gesture status is propagated through promises as long as they resolve within a short time. For instance, if you call setTimeout from a user gesture context, the resulting function will still be able to do things that require a user gesture as long as the timeout is small (<1000ms?), but not if the timeout is longer.