Re: Request for feedback: Media Capture and Streams Last Call

To follow up, this has been implemented in Firefox Nightly for about a 
week now, and a PR is up [1]. I would love to get feedback before it 
goes to Dev Edition.

We could probably do more by narrowing the lifetime of non-granted ids 
even further - for people who leave their browsers running for days, 
it's not much different - but if we think this is going in the right 
direction, then I suggest we get this merged first, before discussing that.

[1] https://github.com/w3c/mediacapture-main/pull/219

.: Jan-Ivar :.

On 7/7/15 9:14 PM, Jan-Ivar Bruaroey wrote:
> On 7/7/15 7:12 PM, Mathieu Hofman wrote:
>> Just to sum up the logic:
>>
>> enumerateDevices()
>> If deviceId stored (persistent or in-session), reuse
>> If deviceId not stored, generate new one.
>>    If permanent permissions were already granted, store deviceId in a 
>> sort of "hidden" persistent cookie.
>>    If permanent permissions are not granted, store deviceId in 
>> "hidden" session cookie
>>
>> gUM()
>> If deviceId stored (persistent or in-session), reuse
>> If deviceId not stored, generate new one, store in session cookie
>>   If user grants permission (temporary or permanent), store deviceId 
>> in "hidden" persistent cookie.
>>
>> Clear cookies: Remove session & persistent deviceId.
>
> That sounds about right. It's perhaps clearer with one cookie with a 
> persist-flag:
>
> enumerateDevices()
>   If deviceIds in hidden cookie, reuse
>   If deviceIds not in hidden cookie, generate new hidden cookie with 
> fresh deviceIds.
>     If permanent permissions were already granted, set 
> cookie.persist=true, else false.
>
> gUM()
>   call internal version of enumerateDevices() to get deviceIds for 
> this origin.
>   If user grants permission (temporary or permanent), and 
> cookie.persist == false, set to true.
>
> Clear cookies: Remove hidden cookies
>
>> I think we should not remove stored deviceId if user changes 
>> persistent permission type, as that introduce a weird dependency.
>> It can also create a confusing case for the site:
>> enumerateDevices() => { device: id = 12345 type = videoinput }
>> getUserMedia({video: { deviceId: { exact: 12345 } }, user allows and 
>> persist permission ("always") => success, app stores deviceId to 
>> localStorage
>> User revokes persistent permissions, which would remove stored deviceId
>
> No, it would persist here, because revoking is different from 
> permanently denying. In any case...
>
>> User visits site again, which has deviceId still saved in localStorage:
>> getUserMedia({video: { deviceId: { exact: 12345 } } => no we have a 
>> problem since device 12345 no longer exists.
>>
>> So to revisit your questions:
>>> Q: I change site X's persistent permission from "Always Allow" back to
>>> the default ("Always ask").
>>> A: deviceId persists.
>>>
>>> Q: I change site X's persistent permission from "Always Allow" to
>>> "Always Deny".
>>> A: Should we clear deviceId in this case, or is it unrelated at this 
>>> point?
>> A: It's unrelated. deviceId persists. The site might have stored it 
>> (or other "unique" info) in cookie/localStorage.
>
> I think I agree.
>
>> Mathieu
>
> .: Jan-Ivar :. 

Received on Wednesday, 22 July 2015 15:48:43 UTC