[whatwg/fetch] [Accessibility] Declarative permissions in parent scope for filesystem access via fileURLs (#1210)

### Background:
The web was firstly created in order to gain access to files within a local network. However, today, a user of a web application can not even access their own files on their own computer...

To solve this problem, many API have been developped for granting filesystem access permissions to application, but what those API designs do forget, is that the web is not only a browser and a web server, but also the local computer which allows the browser to operate and which can be accessed via fileURLs.

### Proposal
By default, filesystem access should not be made via specific APIs, such a Filesystem Access API, but rather should be incorporated into the Fetch API, via fileURLs, and according to secure permissions contexts (#1209).
FileURLs access from non-fileURLs should thus be allowed in the context of a parent scope permission, that could be granted by the user according to different permissions mechanisms to be defined in a separate issue concerning user-granted permissions.

### Example
```html
<script allow-net="file://path/to/a/document.json">
/* script has access to a particular document via fetchAPI via fileURLs*/
fetch('file://path/to/a/document.json')
  .then(response => response.json())
  .then(data => console.log(data));
</script>

<script allow-net="file://path/to/a/documentfolder">
/* script has access to a particular document folder via fetchAPI via fileURLs*/
fetch('file://path/to/a/documentfolder/data.json')
  .then(response => response.json())
  .then(data => console.log(data));
</script>
````


-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/fetch/issues/1210

Received on Tuesday, 6 April 2021 12:07:29 UTC