https://hacks.mozilla.org/2020/07/securing-gamepad-api/
https://www.w3.org/TR/gamepad/
https://github.com/w3c/gamepad/pull/112
https://docs.google.com/document/d/1Dj_7EpT9ttnI96BuNXtLEJkHEq0orHgoLeYaOBz9xsU/edit?usp=sharing
Adds a "gamepad" permissions policy-controlled feature. Information about connected gamepads is only provided to contexts that are allowed to access the "gamepad" feature. Default policy allows cross-origin iframes and does not change behavior on existing sites.
Note that the Securing Gamepad API article and Chrome Platform Status entry also describe a change to require Secure Context. This intent only applies to the policy-controlled feature. The secure context requirement will be communicated in a separate Intent.
N/A
Firefox initially rolled out this change with the default allowlist set to 'self' which broke some sites that accessed gamepads from a cross-origin iframe. To avoid breakage, the default allowlist was changed to '*' (all) which has the same behavior as the current implementation. Since the behavior is the same we do not anticipate any breakage.
Gecko: Shipped in Firefox 82
WebKit: No signals
Web developers: Strongly Negative (https://github.com/w3c/gamepad/issues/145) Chris from Megapixel VR asked not to restrict to secure contexts due to breaking locally hosted (but not localhost) services and the use of self-signed certificates.
Other signals: None
Yes
chrome://flags/#restrict-gamepad-access
False
https://bugs.chromium.org/p/chromium/issues/detail?id=1314563
Contact emails
mattre...@google.com
Explainer
https://hacks.mozilla.org/2020/07/securing-gamepad-api/
Specification
https://www.w3.org/TR/gamepad/
https://github.com/w3c/gamepad/pull/112
Design docs
https://docs.google.com/document/d/1Dj_7EpT9ttnI96BuNXtLEJkHEq0orHgoLeYaOBz9xsU/edit?usp=sharing
Summary
Adds a "gamepad" permissions policy-controlled feature. Information about connected gamepads is only provided to contexts that are allowed to access the "gamepad" feature. Default policy allows cross-origin iframes and does not change behavior on existing sites.
Note that the Securing Gamepad API article and Chrome Platform Status entry also describe a change to require Secure Context. This intent only applies to the policy-controlled feature. The secure context requirement will be communicated in a separate Intent.
Blink component
TAG review
N/A
Risks
Interoperability and Compatibility
Firefox initially rolled out this change with the default allowlist set to 'self' which broke some sites that accessed gamepads from a cross-origin iframe. To avoid breakage, the default allowlist was changed to '*' (all) which has the same behavior as the current implementation. Since the behavior is the same we do not anticipate any breakage.
Gecko: Shipped in Firefox 82
WebKit: No signals
Web developers: Strongly Negative (https://github.com/w3c/gamepad/issues/145) Chris from Megapixel VR asked not to restrict to secure contexts due to breaking locally hosted (but not localhost) services and the use of self-signed certificates.
Other signals: None
Is this feature fully tested by web-platform-tests?
Yes
Flag name
chrome://flags/#restrict-gamepad-access
Requires code in //chrome?
False
Tracking bug
https://bugs.chromium.org/p/chromium/issues/detail?id=1314563
Link to entry on the Chrome Platform Status
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKfE4fJX8VOe1imhcv1AGZdg7EKMoDeO-_So5OemGv2pCeGiRQ%40mail.gmail.com.
LGTM2
/Daniel
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAKfE4fLqQ5bf7kVD5Dnf0M1%3DY5%2B3WscWTddrXcz9kpO-k-C_yg%40mail.gmail.com.
Which version of Chrome are you hoping to ship this in?
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/00000000000039989e05dd7b742d%40google.com.
Which version of Chrome are you hoping to ship this in?
--