Re: [w3c/manifest] Adding protocol handlers (#972)

@diekus commented on this pull request.



> +          The user agent MUST ask for permission when using a protocol
+          handler for the first time. This feature requires user interaction
+          and a script cannot communicate with another application on its
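Review bot: "for the first time" in the added MUST sentence leaves the scope of the permission undefined. State whether the user agent asks once per scheme, per handler, or per installed app, and whether the decision is remembered. The next sentence, "This feature requires user interaction", reads as a requirement but carries no normative keyword; make it a MUST or mark it as a note.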

Hola Marcos,

> > protocol_handlers member in the manifest file: this will register a/several scheme(s) when a Web application is being installed.
> 
> Ok, but isn't this in violation of the web's security/permission model? I.e., we only really allow things to request permission at use time, not _en masse_ at install time.
> 

It is as you are saying, the permission request happens when the user is using the protocol for the first time. We think the consent dialog on this first use is a good compromise between asking for permission for every protocol that an app wants to register and the security concerns of registering the protocols.
 
> Consider, we've previously rejected similar proposals whereby one would do:
> 
> ```
>   features: ["geolocation", "camera", "something else"]
> ```
> 
> This feels very similar.
> 
> > Here a noteworthy difference is that the prompt itself would appear once a user in a website on the browser invokes one of the registered schemes. For example, I installed the BatmanPWA and when I am browsing online I click on a 'web+batman://' link and then the prompt appears in the browser asking if the user wants to use that (registered) PWA. This happens the first time a user invokes a specific scheme. Very convenient indeed.
> 
> This is concerning though. If I install BatmanPWA, it could do:
> 
> ```
>    protocol_handlers: [
>        /// ...1000 protocols here... MUAHAHAH! 
>        /// Appear to handle everything, and show up everywhere!
>     ]
> ```
> 

The list of safe-listed protocols is rather small and they're very likely to have multiple handlers already defined among browser, native and installed web apps, which makes it unlikely that an app can take over everything. Would setting an arbitrary limit to the number of protocols that can be registered help? 

> @dmurph:
> 
> > There is also the automatic unregistration that happens when a user uninstalls a webapp, which is nice :)
> 
> Agree, that's nice. But it does presume some tight integration at the OS level with the browser. IIRC (and this was long ago), Firefox couldn't support such things because it could only put a shortcut icon on the home screen, but it had no way of getting notified if a user had deleted the shortcut.



-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/pull/972#discussion_r646958743

Received on Monday, 7 June 2021 21:39:43 UTC
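
The registration model discussed in this thread (handlers declared in the manifest, a consent prompt on first use of each scheme, a cap on registrations, cleanup on uninstall), as an added JavaScript example that is not part of the original message, the spec text, or any browser's code. The `protocol`/`url` entry shape, the `%s` check, the safelist subset, `MAX_HANDLERS`, `HandlerRegistry` and the sample manifest are assumptions made for illustration.

```javascript
// Added illustration; not code from the manifest spec or from any browser.
// Illustrative subset of safelisted schemes (assumption: the full list lives in the HTML Standard).
const SAFELIST_SUBSET = new Set(["mailto", "tel", "sms", "irc", "magnet", "geo", "webcal"]);
const MAX_HANDLERS = 5; // hypothetical cap: the "arbitrary limit" floated in the thread

const isAllowedScheme = (s) => SAFELIST_SUBSET.has(s) || /^web\+[a-z]+$/.test(s);

// Install time: keep valid, de-duplicated entries, stopping at the cap.
function processProtocolHandlers(manifest) {
  const kept = new Map();
  const entries = Array.isArray(manifest.protocol_handlers) ? manifest.protocol_handlers : [];
  for (const e of entries) {
    if (kept.size >= MAX_HANDLERS) break;
    if (!e || typeof e.protocol !== "string" || typeof e.url !== "string") continue;
    const scheme = e.protocol.toLowerCase();
    if (!isAllowedScheme(scheme) || kept.has(scheme) || !e.url.includes("%s")) continue;
    kept.set(scheme, { url: e.url, consented: false }); // registered, not yet permitted
  }
  return kept;
}

class HandlerRegistry {
  constructor() { this.apps = new Map(); } // appId -> Map(scheme -> {url, consented})
  install(appId, manifest) {
    this.apps.set(appId, processProtocolHandlers(manifest));
    return this.apps.get(appId).size;
  }
  uninstall(appId) { return this.apps.delete(appId); } // drops handlers and stored consent
  // First use of a scheme yields "prompt"; "launch" only after the user has accepted.
  resolve(appId, scheme) {
    const h = this.apps.get(appId)?.get(scheme.toLowerCase());
    if (!h) return "unhandled";
    return h.consented ? "launch" : "prompt";
  }
  recordConsent(appId, scheme) {
    const h = this.apps.get(appId)?.get(scheme.toLowerCase());
    if (h) h.consented = true;
    return Boolean(h);
  }
}

// Constructed manifest: one legitimate handler plus a flood of 1000 generated schemes.
const word = (i) => "web+" + [...String(i)].map((d) => "abcdefghij"[d]).join("");
const batmanManifest = { protocol_handlers: [
  { protocol: "web+batman", url: "/signal?to=%s" },
  { protocol: "https", url: "/hijack?u=%s" },   // rejected: not safelisted, not web+
  { protocol: "mailto", url: "/compose" },      // rejected: no %s placeholder
  ...Array.from({ length: 1000 }, (_, i) => ({ protocol: word(i), url: "/h?u=%s" })),
] };
```

Consent is stored per scheme, so accepting `web+batman` grants nothing for the other schemes the same app registered.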