- From: Ryosuke Niwa <notifications@github.com>
- Date: Mon, 09 Dec 2019 17:36:41 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 10 December 2019 01:36:43 UTC
> As another example, granting powerful permissions like location or camera/mic are all typically initiated from the web content area. Those permissions aren't used as a signal to allow other features, and there is a clear connection between what the user is trying to do (e.g. join a video conference) to what the permission is asking (e.g. access to camera). In general, we don't think asking persistent permissions upfront in a manner disassociated with the relevant user actions is a good model for security or privacy sensitive features because there is a risk for users to tap through prompts without fully understanding the implications, the users may not remember what permissions they've previously granted to a given website, and it may not be clear for users to revoke such permissions later. For pasting from system clipboard (a.k.a. pasteboard on Apple platforms) to work on iOS WebKit, for example, we show a callout bar with "Paste" as an item to match the behavior of user triggering selection, and only when the user taps "Paste", we grant one time read access to the clipboard. We don't allow generic persistent access permission to system clipboard. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/835#issuecomment-563539812
Received on Tuesday, 10 December 2019 01:36:43 UTC