- From: Jan-Ivar Bruaroey <jib@mozilla.com>
- Date: Wed, 22 Jul 2015 11:48:11 -0400
- To: Mathieu Hofman <Mathieu.Hofman@citrix.com>, Harald Alvestrand <harald@alvestrand.no>, "public-media-capture@w3.org" <public-media-capture@w3.org>
To follow up, this has been implemented in Firefox Nightly for about a
week now, and a PR is up [1]. I would love to get feedback before it
goes to Dev Edition.
We could probably do more by narrowing the lifetime of non-granted ids
even further - for people who leave their browsers running for days,
it's not much different - but if we think this is going in the right
direction, then I suggest we get this merged first, before discussing that.
[1] https://github.com/w3c/mediacapture-main/pull/219
.: Jan-Ivar :.
On 7/7/15 9:14 PM, Jan-Ivar Bruaroey wrote:
> On 7/7/15 7:12 PM, Mathieu Hofman wrote:
>> Just to sum up the logic:
>>
>> enumerateDevices()
>> If deviceId stored (persistent or in-session), reuse
>> If deviceId not stored, generate new one.
>> If permanent permissions were already granted, store deviceId in a
>> sort of "hidden" persistent cookie.
>> If permanent permissions are not granted, store deviceId in
>> "hidden" session cookie
>>
>> gUM()
>> If deviceId stored (persistent or in-session), reuse
>> If deviceId not stored, generate new one, store in session cookie
>> If user grants permission (temporary or permanent), store deviceId
>> in "hidden" persistent cookie.
>>
>> Clear cookies: Remove session & persistent deviceId.
>
> That sounds about right. It's perhaps clearer with one cookie with a
> persist-flag:
>
> enumerateDevices()
> If deviceIds in hidden cookie, reuse
> If deviceIds not in hidden cookie, generate new hidden cookie with
> fresh deviceIds.
> If permanent permissions were already granted, set
> cookie.persist=true, else false.
>
> gUM()
> call internal version of enumerateDevices() to get deviceIds for
> this origin.
> If user grants permission (temporary or permanent), and
> cookie.persist == false, set to true.
>
> Clear cookies: Remove hidden cookies
>
>> I think we should not remove stored deviceId if user changes
>> persistent permission type, as that introduce a weird dependency.
>> It can also create a confusing case for the site:
>> enumerateDevices() => { device: id = 12345 type = videoinput }
>> getUserMedia({video: { deviceId: { exact: 12345 } }, user allows and
>> persist permission ("always") => success, app stores deviceId to
>> localStorage
>> User revokes persistent permissions, which would remove stored deviceId
>
> No, it would persist here, because revoking is different from
> permanently denying. In any case...
>
>> User visits site again, which has deviceId still saved in localStorage:
>> getUserMedia({video: { deviceId: { exact: 12345 } } => no we have a
>> problem since device 12345 no longer exists.
>>
>> So to revisit your questions:
>>> Q: I change site X's persistent permission from "Always Allow" back to
>>> the default ("Always ask").
>>> A: deviceId persists.
>>>
>>> Q: I change site X's persistent permission from "Always Allow" to
>>> "Always Deny".
>>> A: Should we clear deviceId in this case, or is it unrelated at this
>>> point?
>> A: It's unrelated. deviceId persists. The site might have stored it
>> (or other "unique" info) in cookie/localStorage.
>
> I think I agree.
>
>> Mathieu
>
> .: Jan-Ivar :.
Received on Wednesday, 22 July 2015 15:48:43 UTC