- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Wed, 22 Jul 2015 11:48:11 -0400
- To: Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>
To follow up, this has been implemented in Firefox Nightly for about a week now, and a PR is up [1]. I would love to get feedback before it goes to Dev Edition. We could probably do more by narrowing the lifetime of non-granted ids even further - for people who leave their browsers running for days, it's not much different - but if we think this is going in the right direction, then I suggest we get this merged first, before discussing that. [1] https://github.com/w3c/mediacapture-main/pull/219 .: Jan-Ivar :. On 7/7/15 9:14 PM, Jan-Ivar Bruaroey wrote: > On 7/7/15 7:12 PM, Mathieu Hofman wrote: >> Just to sum up the logic: >> >> enumerateDevices() >> If deviceId stored (persistent or in-session), reuse >> If deviceId not stored, generate new one. >> If permanent permissions were already granted, store deviceId in a >> sort of "hidden" persistent cookie. >> If permanent permissions are not granted, store deviceId in >> "hidden" session cookie >> >> gUM() >> If deviceId stored (persistent or in-session), reuse >> If deviceId not stored, generate new one, store in session cookie >> If user grants permission (temporary or permanent), store deviceId >> in "hidden" persistent cookie. >> >> Clear cookies: Remove session & persistent deviceId. > > That sounds about right. It's perhaps clearer with one cookie with a > persist-flag: > > enumerateDevices() > If deviceIds in hidden cookie, reuse > If deviceIds not in hidden cookie, generate new hidden cookie with > fresh deviceIds. > If permanent permissions were already granted, set > cookie.persist=true, else false. > > gUM() > call internal version of enumerateDevices() to get deviceIds for > this origin. > If user grants permission (temporary or permanent), and > cookie.persist == false, set to true. > > Clear cookies: Remove hidden cookies > >> I think we should not remove stored deviceId if user changes >> persistent permission type, as that introduce a weird dependency. >> It can also create a confusing case for the site: >> enumerateDevices() => { device: id = 12345 type = videoinput } >> getUserMedia({video: { deviceId: { exact: 12345 } }, user allows and >> persist permission ("always") => success, app stores deviceId to >> localStorage >> User revokes persistent permissions, which would remove stored deviceId > > No, it would persist here, because revoking is different from > permanently denying. In any case... > >> User visits site again, which has deviceId still saved in localStorage: >> getUserMedia({video: { deviceId: { exact: 12345 } } => no we have a >> problem since device 12345 no longer exists. >> >> So to revisit your questions: >>> Q: I change site X's persistent permission from "Always Allow" back to >>> the default ("Always ask"). >>> A: deviceId persists. >>> >>> Q: I change site X's persistent permission from "Always Allow" to >>> "Always Deny". >>> A: Should we clear deviceId in this case, or is it unrelated at this >>> point? >> A: It's unrelated. deviceId persists. The site might have stored it >> (or other "unique" info) in cookie/localStorage. > > I think I agree. > >> Mathieu > > .: Jan-Ivar :.
Received on Wednesday, 22 July 2015 15:48:43 UTC