Re: [webauthn] update extensions framework to include interfacing with user agent permissions framework from Kane York via GitHub on 2017-12-05 (public-webauthn@w3.org from December 2017)

From: Kane York via GitHub <sysbot+gh@w3.org>
Date: Tue, 05 Dec 2017 22:11:37 +0000
To: public-webauthn@w3.org
Message-ID: <issue_comment.created-349458824-1512511896-sysbot+gh@w3.org>

I feel like this should be addressed - it seems like a mistake to allow websites to get geolocation information without the user being notified.

> Client extension processing  
>
> Check the [[permissions state]] for geolocation. If the permission state is `"denied"`, the client MUST remove the extension and not pass it to the authenticator. If the permission state is `"prompt"`, the user agent MAY prompt the user and restart this processing, or MAY remove the extension without prompting. If the permission state is `"granted"`, the client creates the authenticator extension input with the Boolean value `true`.




-- 
GitHub Notification of comment by riking
Please view or discuss this issue at https://github.com/w3c/webauthn/issues/133#issuecomment-349458824 using your GitHub account

Received on Tuesday, 5 December 2017 22:11:39 UTC