Re: [w3ctag/design-reviews] Fullscreen Popup Windows (Issue #840) from Brad Triebwasser on 2023-09-13 (public-webapps-github@w3.org from September 2023)

From: Brad Triebwasser <notifications@github.com>
Date: Tue, 12 Sep 2023 19:43:06 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/840/1716859137@github.com>

Hi @torgo,

Thanks for your feedback and apologies for the delay.

I [requested Second Screen WG/CG feedback](https://lists.w3.org/Archives/Public/public-secondscreen/2023Aug/0000.html) on the proposal and with permission, I moved the explainer into the [WG repository](https://github.com/w3c/window-management/blob/main/EXPLAINER_fullscreen_popups.md). We plan to further discuss this proposal with the working group during TPAC 2023 ([agenda](https://github.com/w3c/secondscreen-wg/issues/10)). Additionally, please consider: 

- The [original request](https://github.com/w3c/window-placement/issues/7).
- Related  requests (e.g. [1](https://github.com/w3c/presentation-api/issues/476), [2](https://github.com/w3c/window-placement/issues/98), [3](https://github.com/w3c/window-placement/issues/92)).
- A developer expressed support in [repository issue #2](*https://github.com/bradtriebwasser/fullscreen-popup/issues/2).
- We have partners already taking part in a dev trial, and we are actively soliciting their feedback, which has been positive thus far.

Prompt exhaustion is a valid concern, but security reviewers recommended gating this [powerful feature](https://www.w3.org/TR/permissions/#dfn-powerful-feature) by permission. Since targeting a specific screen implies `window-management` permission, re-using that permission avoids a separate prompt for this feature. Admins can alleviate enterprise users of this prompt, but that is a very narrow mitigation. We considered removing the `window-management` permission requirement for same-screen fullscreen popups, but the consensus was to gate all feature usage on permission for now. We generally support permission model innovation, but have not found a satisfying broad solution. 
Note that since your review, I had also [updated the explainer](https://github.com/bradtriebwasser/fullscreen-popup/commit/35f643f3f27367f49eaf385a501e60a9e6ebf541) to consume a user gesture along with some other security considerations.


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/840#issuecomment-1716859137
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/840/1716859137@github.com>

Received on Wednesday, 13 September 2023 02:43:14 UTC