- From: Jonas Sicking <jonas@sicking.cc>
- Date: Wed, 11 Jul 2012 20:27:39 -0700
- To: Ian Hickson <ian@hixie.ch>
- Cc: Anne van Kesteren <annevk@annevk.nl>, Web Notification WG <public-web-notification@w3.org>
On Tue, Jul 10, 2012 at 9:14 AM, Ian Hickson <ian@hixie.ch> wrote: > On Tue, 10 Jul 2012, Jonas Sicking wrote: >> >> One way to address all of the above problems is to require that an icon >> URL is specified when the requestPermission function is called. That way >> multiple URLs, and the implementation can display the icon when the >> permission is requested, meaning that the user can review the icon that >> will be used at the same time as the permission grant is happening. It >> also allows the implementation to download all icons up front, meaning >> that no network requests has to happen when a notification is displayed. >> >> However this is a pretty big change to the API which we realize is >> problematic. > > The ideal permission UI, IMHO, is one where the first time a site pops up > a notification, it is constrained to appearing within its own frame (i.e. > can't do anything more than it could do anyway with a positioned <div>), > and somewhere on that notification is a button that "pops out" the > notification to the system level, after which notifications from that > origin can go to the system level (and similarly a button on the popped > out notifications can revoke this permission). Like Andrew, I don't think you could build a good user experience with that solution. I agree that showing notifications in-page is a good solution for pages that tries to bring up notifications before the user has given permission to open out-of-page. However I think we need a way for a page to explicitly ask for permission to open out-of-page notifications before it needs to actually notify the user. > We could solve the spoofing icon problem by making this permission be > scoped to the specific icon being displayed -- whenever the icon changes, > either because its URL changed or because the image at that URL changed, > then you implicitly cancel the permissions grant. This would result in too many permission requests to really solve the use-case of wanting to display the avatar of your chatting partner in a chatting web app. > Regarding the multiple icons issue, I recommend an approach similar to > image-set() in CSS, srcset="" in HTML, or <link rel=icon sizes> in HTML, > depending on what the exact requirements are. This might work, but only solves one of the issues listed in the original email. / Jonas
Received on Thursday, 12 July 2012 03:28:38 UTC