Re: [w3ctag/design-reviews] Capability Delegation (#655)

> Under further review and reading through the entire list of standardized features, we are concerned about making all features available for delegation. More specifically, if a top level document is granted camera, usb, web-share etc. permission, it shouldn't be able to delegate without additional user consent.

Can you say more as to why?

Currently, if an outer page wants to delegate a capability to an inner page, they can do so through hacky ad-hoc protocols: i.e., just proxy the API over postMessage(). For example, if a subframe wants camera permission, it would do something like `window.top.postMessage("give me camera", "*")` and the top page would have an event handler like

```js
window.onmessage = e => {
  if (e.data === "give me camera") {
    requestCameraPermissionInThisTopFrame();
    const cameraData = getCameraData();
    e.source.postMessage({ cameraData }, "*");
    // perhaps repeat every 16 ms if they want video
  }
};
```

To my eye, capability delegation just provides a standardized mechanism for doing this, without requiring manual coding. So it seems like it should be usable for any API.

If this is not true, and I've misunderstood the explainer, then that'd be helpful information for the explainer to include :).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/655#issuecomment-953359868

Received on Wednesday, 27 October 2021 22:34:38 UTC
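
As an added example (not part of the original message or the explainer), the ad-hoc proxy handler from the message above is shown here with the sender's origin checked and the reply scoped to that origin instead of `"*"`. `createCameraProxy`, the callback names, the fake frame and the example origins are assumptions made for illustration, and the callbacks are synchronous to mirror the placeholder helpers in the message.

```javascript
// Added example: origin-checked version of the ad-hoc camera proxy.
// createCameraProxy, requestPermission, getCameraData and the origins
// below are hypothetical names, not part of any real API.
function createCameraProxy({ allowedOrigins, requestPermission, getCameraData }) {
  const allowed = new Set(allowedOrigins);
  return function onMessage(e) {
    // 1. Authenticate the sender: e.origin is set by the browser, not the frame.
    if (!allowed.has(e.origin)) return "rejected-origin";
    // 2. Accept only the exact request this protocol defines.
    if (e.data !== "give me camera" || !e.source) return "ignored";
    // 3. The top frame still owns the permission prompt.
    if (!requestPermission()) {
      e.source.postMessage({ error: "camera-denied" }, e.origin);
      return "denied";
    }
    // 4. Reply to the verified origin, never "*": if the frame has since
    //    navigated elsewhere, the browser drops the message.
    e.source.postMessage({ cameraData: getCameraData() }, e.origin);
    return "delegated";
  };
}

// Constructed stand-in for a frame's WindowProxy; records what it is sent.
function fakeFrame() {
  const sent = [];
  return { sent, postMessage: (data, targetOrigin) => sent.push({ data, targetOrigin }) };
}

// Constructed scenario: one allowlisted frame and one frame from another origin.
function runScenario() {
  const handler = createCameraProxy({
    allowedOrigins: ["https://widget.example"],
    requestPermission: () => true,
    getCameraData: () => "frame-bytes",
  });
  const trusted = fakeFrame();
  const other = fakeFrame();
  const request = "give me camera";
  return {
    trustedResult: handler({ origin: "https://widget.example", data: request, source: trusted }),
    otherResult: handler({ origin: "https://other.example", data: request, source: other }),
    trustedSent: trusted.sent,
    otherSent: other.sent,
  };
}
```

In a page, the returned handler would be registered with `window.addEventListener("message", handler)`.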