Re: Permissions UI & Necessary API from Kostiainen, Anssi on 2014-05-06 (public-sysapps@w3.org from May 2014)

From: Kostiainen, Anssi <anssi.kostiainen@intel.com>
Date: Tue, 6 May 2014 13:53:19 +0000
To: "reeder_29@yahoo.com" <reeder_29@yahoo.com>
CC: Marcos Caceres <w3c@marcosc.com>, "Sysapps@w3.org" <public-sysapps@w3.org>
Message-ID: <5D107B71-03E7-43B1-8F93-EF7A90DF9A61@intel.com>

> On May 5, 2014 11:25 AM, Marcos Caceres <w3c@marcosc.com> wrote: 
> 
> On May 3, 2014 at 12:56:12 AM, Doug Reeder (reeder_29@yahoo.com) wrote: 
> > > I do, in fact, persistently store a preference "tag new notes 
> > with location". It's undefined initially. If the user sets it 
> > true, my app immediately calls the geolocation API to trigger 
> > the permission dialog. If the user approves, we're on the happy 
> > path. If the user denies permission, the preference is set to 
> > undefined - the user has expressed conflicting wishes. 
> > 
> > Unfortunately for my situation, if the user allows geolocation 
> > once, it says nothing about whether it will be allowed the next 
> > time. In Chrome, allowing geolocation is persistent, but in 
> > Firefox and Firefox OS it's not persistent unless the user clicks 
> > a second control. 

That is correct. Whether implementations persist, or allow the user to persist, permission settings vary by browser and by feature. And this will likely remain so.

To further complicate things, sometimes subtle hints of trustworthiness of the site are used to decide whether to allow persisting a permission or not. For example, Chrome allows persisting gUM permission only if the content is served over HTTPS, while for Geolocation the permission is persisted regardless of the protocol.

iOS is probably the strictest in this regard, and never persists permissions for regular web content (only for things bookmarked to homescreen, which is another hint of trustworthiness).

An opportunity to dig into this a bit more.

> Ok, good to know. Do you think just adding a `geolocation.permission === 'enabled'` or similar would address the use case?  
> 
> Also, maybe good if we could move this back to the list? 

On 06 May 2014, at 04:41, reeder_29@yahoo.com wrote:

> Yes, that would solve my problem.
> 
> Theoretically, permission could change between checking and calling getCurrentLocation, but if I'm calling them in the same tick, ocurrence should be vastly rarer than geolocation failures.

I think that is not really a concern. I don’t see anything getting in between the following considering the single-threaded nature of JavaScript:

if (geo.permission === 'enabled') {
  geo.getCurrentPosition();
}

Or perhaps you have a more complete real life example in mind?

Thanks,

-Anssi

Received on Tuesday, 6 May 2014 13:56:00 UTC