Intent to Prototype and Ship: Permissions Policy for Web Bluetooth API
Gabriel Brito
Hi,
Hope you are doing well. We would like to request approval for this feature. Thank you in advance!
Contact emails
Explainer
https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
Specification
https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
Summary
Integrates the Web Bluetooth API with Permissions Policy, which should be identified by the "bluetooth" token. The Web Bluetooth API allows webpages to communicate with devices over Bluetooth. However, this API is not allowed to be used from cross-origin iframes. This integration enables this scenario while providing protection against unwanted access to Bluetooth capabilities, which requires the top-level document to explicitly allow a cross-origin iframe to use the API's methods.
Blink component
Risks
Interoperability and Compatibility
Low interoperability risks, since it is an integration of the Web Bluetooth API with Permissions Policy, which is already widely adopted. Also not explicitly allowing an iframe to use bluetooth with allow="bluetooth" won't affect the current behavior.
Gecko: No signal
WebKit: No signal
Web developers: Positive (https://bugs.chromium.org/p/chromium/issues/detail?id=518042)
Other signals:
Ergonomics
No anticipated ergonomic risks.
Activation
If developers would like to provide access to Web Bluetooth to cross-origin trusted iframes, they just need to add allow="bluetooth" to it.
Security
This integration makes the Web Bluetooth API more secure while keeping the current behavior and adding more capabilities to it.
WebView application risks
Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
No. Web Bluetooth is not available in WebView.
Debuggability
N/A (No DevTools support needed)
Is this feature fully tested by web-platform-tests?
Yes
Flag name
No flag.
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=518042
Estimated milestones
No milestones specified
Anticipated spec changes
Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
Link to entry on the Chrome Platform Status
Yoav Weiss
Hi,
Hope you are doing well. We would like to request approval for this feature. Thank you in advance!
Contact emails
Explainer
https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
Specification
https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
Summary
Integrates the Web Bluetooth API with Permissions Policy, which should be identified by the "bluetooth" token. The Web Bluetooth API allows webpages to communicate with devices over Bluetooth. However, this API is not allowed to be used from cross-origin iframes. This integration enables this scenario while providing protection against unwanted access to Bluetooth capabilities, which requires the top-level document to explicitly allow a cross-origin iframe to use the API's methods.
Blink component
Risks
Interoperability and Compatibility
Low interoperability risks, since it is an integration of the Web Bluetooth API with Permissions Policy, which is already widely adopted. Also not explicitly allowing an iframe to use bluetooth with allow="bluetooth" won't affect the current behavior.
Gecko: No signal
Mike Taylor
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/929c4b63-a112-4522-8243-7e4b26e85555n%40chromium.org.
