W3C home > Mailing lists > Public > public-geolocation@w3.org > June 2020

Re: [geolocation-api] Restrict access to visible and user-activation-received frames (#48)

From: pes via GitHub <sysbot+gh@w3.org>
Date: Tue, 30 Jun 2020 05:25:07 +0000
To: public-geolocation@w3.org
Message-ID: <issue_comment.created-651546211-1593494706-sysbot+gh@w3.org>
> The Blink engine already requires a page to be visible in order to receive callbacks from the Geolocation API. I support adding this behavior as a normative requirement to the specification assuming that other implementations are on board.

🤗

> What are your thoughts about requiring a user-activation-received frame vs. requiring a user activation to request geolocation permission?

I think these are both important.  The latter makes it clear(er) to the user what site / party is making the permission request, the former reduces the ability for the capability to be misused over the long term.  

-- 
GitHub Notification of comment by pes10k
Please view or discuss this issue at https://github.com/w3c/geolocation-api/issues/48#issuecomment-651546211 using your GitHub account
Received on Tuesday, 30 June 2020 05:25:09 UTC

This archive was generated by hypermail 2.4.0 : Tuesday, 30 June 2020 05:25:09 UTC