W3C home > Mailing lists > Public > public-device-apis-log@w3.org > June 2020

Re: [geolocation-api] Restrict access to visible and user-activation-received frames (#48)

From: pes via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 Jun 2020 05:25:07 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-651546211-1593494706-sysbot+gh@w3.org>
> The Blink engine already requires a page to be visible in order to receive callbacks from the Geolocation API. I support adding this behavior as a normative requirement to the specification assuming that other implementations are on board.


> What are your thoughts about requiring a user-activation-received frame vs. requiring a user activation to request geolocation permission?

I think these are both important.  The latter makes it clear(er) to the user what site / party is making the permission request, the former reduces the ability for the capability to be misused over the long term.  

GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/48#issuecomment-651546211 using your GitHub account
Received on Tuesday, 30 June 2020 05:25:09 UTC

This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:57 UTC