[WebInstallAPI] Permission for background document installs

[Kristin Lee]

Hi folks/Dan,

Circling back to the discussion we had last week with Dan about whether to require permission for same-origin background document installs since we see multiple paths forward. We would love for folks to weigh in with their thoughts so that we may come to a final decision for what should be shipped.

Context

For all current document installs (ie. installing exactly the page you're on), we've agreed to skip the permission prompt/dialog. Around January of this year, our team decided that all background document installs, even those from the same-origin as the current page, would prompt for permission -- this is what's currently implemented and will stay in place at least through DevTrials.

During our last joint meeting on 6/12, we discussed changing this behavior before shipping, so that we skip the permission prompt if the background install is from the same origin as the current page.

Question at hand

For shipping, should the permission prompt be skipped or shown for background document installs from the same origin?

(Note -- current document install == installing the current page. Background document install == installing anything else)

Options

1. Skip permission prompt for background installs from the same origin as the current page.
   1. Seems to be better for catalog apps. Ex: If a user is on "store.app/about" installing "store.app".
   2. Considerations:
      1. Prioritizes developer experience and clarity -- it's well understood (to developers) that permissions are granted per-origin, so it's easy to explain how permissions interact with the API.
      2. Causes user confusion and security concern - It can be confusing and misleading to install something other than the user's current page, even if it's the same origin. Ex: Suites - if a user is on "office.com" and they install "office.com/word" and "office.com/powerpoint." Same for GSuite.
2. Show permission prompt for all background installs, regardless of origin.
   1. Seems to be better for Suite apps such as office.com and GSuite.
   2. Considerations
      1. Prioritizes user experience and clarity -- if the user is installing anything other than the site they're currently looking at, then require a permission.
      2. Security concern - if a user grants permission to install "store.app" from "store.app/about" (background doc installs), the origin is granted permission so if "store.app" then installs "crosswords.com" the permission prompt will not show where the user may have unknowingly granted permission to store.app for all background doc installs. 
         
         

Thanks!

Kristin

[Daniel Murphy]

This is a wonderful summary, thanks for this distillation of our conversation Kristen. I'm interested to hear what others think. I'm generally happy with either option.

--
You received this message because you are subscribed to the Google Groups "pwa-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to pwa-dev+u...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/pwa-dev/d7d53c47-bd2c-4b9d-bebe-e499a50acd2bn%40chromium.org.

[Lia Hiscock]

Hi folks! Apologies for the delay. As discussed at the last Google/MSFT PWA sync, we're proceeding with option 2, prompting for background document installs, even if they're same origin. We'll proceed with this for OT and shipping, unless we receive strong feedback for otherwise.

Thanks!