Contact emails
Design doc/Spec
See above. Note: no changes to any web-facing APIs are proposed and no spec changes are required. It is chiefly a Security UX change which changes aspects of permissions behavior which are left to User Agents to decide. At the same time these changes are still closely related to the behavior of certain APIs on the web (e.g. permissions and feature policy) and so we want to ensure that affected folks are aware of and in support of the change.
Summary
From the doc:
Currently, iframes on the web can make permission requests and users will be shown permission prompts that contain the origin of the iframe. Making permission decisions for iframes and managing previous decisions is complicated and confusing.
Link to “Intent to Implement” blink-dev discussion
https://groups.google.com/a/chromium.org/forum/#!msg/blink-dev/irAY53rSXIE/p0oZ5j4mAgAJ
Link to Origin Trial feedback summary
NA
Motivation
Described in detail in the doc.
Risks
Described in detail in the doc.
Debuggability
NA
Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?
Since this is a UA-specific feature, Android WebView will not be affected. All other platforms will.
Is this feature fully tested by web-platform-tests?
Since this is a UA-specific feature it should not have web-platform-test coverage.
Link to entry on the feature dashboard
Probably unnecessary given the nature of the feature. But I can create one if needed.
Chrome bug: https://bugs.chromium.org/p/chromium/issues/detail?id=818004
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/aafa04be-adc0-4c1c-a237-418157b70a07%40chromium.org.
Hey Alex,

Yep.

> And in cases when a permission is granted from a request by a delegated-to document (iframe), are Permission Status Events dispatched in all documents?

No, good catch, this is an oversight. It should be a simple fix though and I'll ensure that it's addressed before we launch.
Thanks,
Raymes
Since this doesn't seem to be settled yet... wouldn't the logical way to handle this be that given a tree of iframes, one should consider each delegated permission as defining a subtree consisting of all of the subframes that have been delegated this permission, and the first member of the subtree that asks for permission and receives it causes permission status events on all the frames within the subtree?

Yes, this is a cross-frame information leakage. But the alternative (not giving iframes an accurately updated view of what permissions they have) seems worse.
Thanks,
Raymes
Assuming that the top level frame has been granted permission AND chooses to delegate it to an iframe, that iframe will have access from the moment it is loaded. This is the same approach that's used if we have persisted a user's permission decision for a top-level frame, i.e. it will have access to that permission from the moment it loads. Events will get fired whenever the status of the permission for that frame changes.
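The subtree rule proposed in the thread and the load-time access described in the last reply, as an added model that is not Chromium code and not written by any participant. `Frame`, `subtree`, `request`, `demo` and the `delegated` flag are hypothetical names; storing the decision per top-level origin and reporting `'denied'` to non-delegated frames are assumptions of the model.

```javascript
// Added model of the behaviour discussed in this thread; not Chromium code.
// Frame, subtree, request and demo are hypothetical names; origins are constructed.
class Frame {
  constructor(origin, parent = null, delegated = false) {
    this.origin = origin;
    this.parent = parent;
    this.delegated = delegated; // assumption: the parent chose to delegate to this frame
    this.children = [];
    this.events = [];           // permission status changes this frame observed
    if (parent) parent.children.push(this);
  }
  top() { return this.parent ? this.parent.top() : this; }
  // In the delegated subtree only if every hop down from the top frame delegated.
  inSubtree() { return !this.parent || (this.delegated && this.parent.inSubtree()); }
  // Assumption: decisions are stored per top-level origin; other frames see 'denied'.
  status(store) {
    return this.inSubtree() ? store.get(this.top().origin) || 'prompt' : 'denied';
  }
}

function subtree(frame, out = []) {
  if (!frame.inSubtree()) return out; // prune: descendants cannot be delegated either
  out.push(frame);
  frame.children.forEach((child) => subtree(child, out));
  return out;
}

function request(frame, store, userDecision) {
  const before = frame.status(store);
  if (before !== 'prompt') return before; // not delegated, or already decided: no event
  store.set(frame.top().origin, userDecision);
  // The first grant changes status for the whole subtree, so every member gets an event.
  for (const member of subtree(frame.top())) member.events.push(userDecision);
  return userDecision;
}

function demo() {
  const store = new Map();
  const top = new Frame('https://site.example');
  const widget = new Frame('https://widget.example', top, true);
  const nested = new Frame('https://nested.example', widget, true);
  const ad = new Frame('https://ad.example', top, false);
  const adChild = new Frame('https://adchild.example', ad, true);
  const result = request(nested, store, 'granted');
  const late = new Frame('https://late.example', top, true); // loads after the grant
  const notified = [top, widget, nested, ad, adChild]
    .filter((f) => f.events.length > 0).map((f) => f.origin);
  return { result, notified, lateStatus: late.status(store),
           lateEvents: late.events.length, adRequest: request(ad, store, 'granted') };
}
```

In `demo()`, the non-delegated frame and its child observe no event, while the frame loaded after the grant starts in the granted state without receiving one.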