Re: [screen-wake-lock] User prompts to show an active screen-lock should have an associated domain (#278) from Reilly Grant via GitHub on 2020-09-28 (public-device-apis-log@w3.org from September 2020)

From: Reilly Grant via GitHub <sysbot+gh@w3.org>
Date: Mon, 28 Sep 2020 23:23:49 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-700334535-1601335428-sysbot+gh@w3.org>

@jumde, the ability to use this feature in iframes is [controlled by Permissions Policy](https://w3c.github.io/screen-wake-lock/#policy-control). By default a cross-origin iframe cannot use this feature at all.

Speaking for Chrome it is unlikely that we would display origin of an iframe rather than that of the top-level document when notifying the user that a page is using this feature as that would go against the direction we've taken for [Permission Delegation](https://docs.google.com/document/d/1x5QejvpyQ71LPWhMLsaM1lWCfSsBsSQ8Dap9kJ6uLv0/edit). The distinction between the top-level site abusing this capability and a cross-origin iframe it has delegate permission to doing so (intentionally or unintentionally) is irrelevant for users.

-- 
GitHub Notification of comment by reillyeon
Please view or discuss this issue at https://github.com/w3c/screen-wake-lock/issues/278#issuecomment-700334535 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config

Received on Monday, 28 September 2020 23:23:51 UTC