Re: [w3c/gamepad] Re-enable Gamepad Access from HTTP (aka insecure) Context (Issue #203) from Yuxuan Zhang on 2024-05-10 (public-webapps-github@w3.org from May 2024)

From: Yuxuan Zhang <notifications@github.com>
Date: Thu, 09 May 2024 17:02:43 -0700
To: w3c/gamepad <gamepad@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3c/gamepad/issues/203/2103623746@github.com>

In response to @nondebug's [post](https://github.com/w3c/gamepad/issues/203#issuecomment-2103569982):

Thanks for commenting!

1. We can add a boolean field in each `gamepad` instance, e.g. `gamepad.hasFullAccess`, to indicate if full access was granted to a specific gamepad. This change is unlikely to break any existing use case.

2. From my understanding, the gamepad instance, once grabbed, is __immutable__ (i.e. only contains one "frame" of user input, at the time it was returned). Therefore, gamepad objects instantiated before full access being granted should stay as-is (i.e. an abstracted version).

3. Since `GamePad`s are uniquely identified by their `index`, a non-intrusive change can be made to the API by simply adding a new function, for example:

```ts
navigator.requestGamePadFullAccess(
index: number, // gamepad.index
callback?: (ack: boolean, gamepad: Gamepad) => void
);
```

This will trigger an async prompt to the user asking for full access. Optionally the web page will explain to the user why it would like to have such permission.

Upon user approval, any new `Gamepad` instance returned from the API, either through a gamdpad event or the `nevigator.getGamePads()` API, will expose all properties of the physical device. And its `gamepad.hasFullAccess` priority will be set to `true`.

4. The window focus issue turned out a little trickier than I supposed. Thanks for bringing that up! The idea is basically blocking the gamepad from being updated outside of user focus _before user explicitly allows it_. This can be implemented as stop updating the gamepad instance, i.e. any subsequent access to `sequence<gamepad>` will return the frame before the moment the window was unfocused.

In this way, I expect most applications to live along with the abstracted gamepad (including mine).
For those who need to access the full feature set of the gamepad in a HTTP context, they can simply prompt for user permission instead of asking users to install and trust their self-signed SSL certificate.

Please let me know how you think of this, thank you!

--
Reply to this email directly or view it on GitHub:
https://github.com/w3c/gamepad/issues/203#issuecomment-2103623746
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/gamepad/issues/203/2103623746@github.com>

Received on Friday, 10 May 2024 00:02:47 UTC