Re: [w3c/manifest] User-approved permissions (#967)

A bit of background on similar requests in the past: https://github.com/w3c/manifest/issues/218 https://github.com/w3c/manifest/issues/319 + [some personal thoughts on the subject]( https://marcosc.com/2014/12/why-manifests-and-permissions-dont-mix/) - and why we haven't added anything like this to the spec previously. 

The tl;dr is that the web platform APIs provide use-time/in-context permissions, as do some OSs (e.g., iOS). So enabling these APIs might via manifest would be incompatible with how permissions work on the Web, and in some OSs. 

For the hypothetical "deno" straw-person above, it would presumedly use the Filesystem API, which would itself ask the user where the API can read/write to. Providing a path probably wouldn't make much sense, as every OS uses a different path structure. Similarly, wit the `"allow-net"` permission... that would be extremely difficult to communicate to an end use in the form of a permission. Additionally, how network communication works is governed by the Fetch spec (CORS, etc.), so it wouldn't make much sense to have such a permission. 

Some limited permissions may be relaxed or granted at install time, but those are usually not directly observable by web applications.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/967#issuecomment-809794996

Received on Monday, 29 March 2021 23:36:59 UTC