- From: Reilly Grant <notifications@github.com>
- Date: Mon, 11 Oct 2021 16:26:13 -0700
- To: w3c/permissions <permissions@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/permissions/issues/191/940515345@github.com>
> So, just to be sure: does that mean that if a user hypothetically grants permission to "accelerometer", they also implicitly grant access to "gyroscope" and "magnetometer"? Correct, the Chromium implementation treats these permissions as a single bucket. > If yes, then "motion-sensors" might be appropriate here. Yes, I think specifying these as a single permission bundle is fine. In theory the threat model for each of them is slightly different but I don't expect that to be easy to explain to users and so browsers are unlikely to differentiate. It only seems more future-proof to keep them separate (and define the mapping to high-level concepts). > But, if permission to generic sensors is just blanket "granted" without any permission prompt (and there is no way for the user to disable these APIs via UI), then maybe we don't need these permissions at all? (as they relate to this API, not to Permissions Policy) Chromium grants the "motion-sensors" permission by default and the UI you posted a screenshot above allows the user to change that default from "allow" to "block". Was is missing in the Chromium implementation (tracked by [issue 947112](https://bugs.chromium.org/p/chromium/issues/detail?id=947112)) is an implementation of the requestPermission() methods which would allow a site to request permission to use the "motion-sensors" permission if the user changed the default to "prompt" (which is not currently a selectable option since the API is missing). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3c/permissions/issues/191#issuecomment-940515345
Received on Monday, 11 October 2021 23:26:26 UTC