Re: [w3ctag/design-reviews] File Handling (#371)

On permissions: my feeling on this is that you don't need a permission prompt in either of those cases, except in one specific edge case.

The idea is that the file handlers are automatically registered (without a separate permission prompt) when you install the app, and the handler registration is tied to the app installation (i.e., if you uninstall the app, the registration is also removed). This is consistent with how file handlers generally work for native applications. While some Windows applications historically ask to register file handlers, it generally is accepted that installing an application will add file associations. Though I think it's pretty "rude" when applications become the default handler without asking; it's perfectly fine for an app to add itself as a non-default handler. Concordantly, I would expect web `file_handlers` to be added as non-default handlers without asking, but not become the default (the user can manually set a default handler).

At usage time, if a user opens a file using a non-default file handler, it means they have explicitly chosen to open the file in the specified app. That is essentially a permission grant, and I don't think we really need to show an additional prompt that says "Are you sure you want to do the thing you just explicitly said to do."

The one edge case, of course, is if there are _no_ other available handlers for a particular file extension. That means that by registering a file association (depending on the OS), the host OS may automatically make the web app a default handler, which means the user could open data in the web app simply by double-clicking the file. In that case, a launch-time permission prompt seems appropriate.

Of course, any user agent can add extra permission prompts without having to specify it; for instance, a browser may let the user opt in to registering associations at install time, rather than doing it without asking. Or a browser may prompt to open the file at every launch. But I think it's not necessary.

The explainer says a little bit about this, but I agree, we need to be a lot more explicit about the above.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/371#issuecomment-594957309

Received on Thursday, 5 March 2020 00:16:14 UTC