- From: Vincent Scheib <scheib@google.com>
- Date: Thu, 4 Sep 2014 17:00:15 -0700
- To: Florian Bösch <pyalot@gmail.com>
- Cc: noloader@gmail.com, Webapps WG <public-webapps@w3.org>
- Message-ID: <CAK-EfXneO_e_krn5jPjYspuQnGXqHDYF58MMjSmsPdVyGp=MUg@mail.gmail.com>
On Thu, Sep 4, 2014 at 1:50 PM, Florian Bösch <pyalot@gmail.com> wrote: > > Well, the motivation to ask for permission up front is so that you later > don't have to pester the user. Everytime you poll a user, there's a > possibility he'll not see the prompt (happens to me pretty frequently in > chrome and firefox) and stuff won't work and the site makes a sad face. > Putting it up front is one way to avoid a bad user experience. It's likely > APIs that require permissions will proliferate, which makes it more likely > to run into the bad cases. > > There are other motivations to put permissions up-front though. For > instance if you enter pointerlock, then in order to click on the > permissions, the browser needs to throw the user out of pointerlock, but > you're not getting back into pointerlock by itself, so you need to reaquire > it, which necessitates a user interaction. > > Sometimes a set of functionality (like say geolocation and user media) is > often requested together, so it makes it again more likely to run into the > bad cases. Pointerlock & fullscreen solved this issue by coalescing the > permission for both into a single dialog if both are requested. > > Merging pointer lock and fullscreen requests has worked well in Chrome, particularly allowing that merging to happen independently of request order or timing allowing for them to be joined after a delay. Additional UI presentations of this merging have been considered over time and the browser has great flexibility in how to guide the user through an informed choice. Continuing to support the browser merging requests is valuable. Merging doesn't require an API specifically built to bundle, also as demonstrated by pointer lock and fullscreen which Chrome merges without a unified or explicit API. However, code legibility, maintainability, and developer intent would all benefit. Ability to merge also doesn't imply that a webpage can not offer interstitial explanation of requests to increase user engagement. I'd also argue that users who click through unwarranted large permissions groups in order to access simple apps such as flashlights are just as likely to click multiple times to sequential requests.
Received on Friday, 5 September 2014 00:01:12 UTC