[mediacapture-main] Web compat issue with permissions.query() in non-persistent permission models (#928) from Jan-Ivar Bruaroey via GitHub on 2023-02-03 (public-webrtc-logs@w3.org from February 2023)

From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
Date: Fri, 03 Feb 2023 23:41:40 +0000
To: public-webrtc-logs@w3.org
Message-ID: <issues.opened-1570623869-1675467698-sysbot+gh@w3.org>
jan-ivar has just created a new issue for https://github.com/w3c/mediacapture-main:

== Web compat issue with permissions.query() in non-persistent permission models ==
Most video conferencing sites offer a smoother user experience to returning Chrome users than to returning users in other browsers, because they basically ignore past _non_-persisted permissions entirely. IOW, that users in Safari or Firefox granted camera last time they used the site, and the time before that, counts for nothing apparently.

Anything short of `"granted"` persisted permission is ignored, and seems treated as a user retraining problem. To illustrate, this:
```js
const perm = await navigator.permissions.query({name: "camera"});
if (perm.state == "prompt") {
  nagTheUserAboutEnablingPermission();
}
```
...causes diverging user experiences in browsers that persist permission from those that don't. E.g.:

If you're a [whereby.com](whereby.com) user in Chrome, you're forgiven for not remembering this page, because you probably only ever saw it once:

<img width="450" alt="image" src="https://user-images.githubusercontent.com/3136226/216635351-3f7109bf-780f-4294-bd44-6471cccb6dfe.png">

In contrast, returning users in Safari and Firefox (by default) see it _every meeting_. This new-user [slow lane](https://github.com/mozilla/standards-positions/issues/19#issuecomment-370087341) requires two extra clicks to get into the meeting (even with both camera and microphone off, which in theory shouldn't require any permission at all). This is a poor experience that might push users into escalating permissions to the site, which is bad for privacy. A single click (in the browser's permission prompt) should suffice for returning users.

### The permissions API isn't helping

The permissions API doesn't care about past _non-persisted_ permissions either. It only exposes current user agent state, when it should be focused on abstracting what sites need, in a manner that doesn't require sites to write different code per user agent.

The measurable discrepancy in end-user experience across user agents on this topic shows that sites have low patience for differences among user agents, and that APIs that merely expose those differences are insufficient to ensure good end-user outcomes.

### Proposal

Mozilla would like to implement `query` in Firefox ([bug 1609427](https://bugzilla.mozilla.org/show_bug.cgi?id=1609427)), but we're concerned the API's lack of recognition of past non-persisted permissions would regress behavior for Firefox users once sites feature-detect this and apply their logic (which was written for Chrome, and won't fit Firefox's non-persisted permission model).

We'd like to propose this addendum to [permission descriptor type](https://w3c.github.io/mediacapture-main/#permissions-integration):
- _"If the descriptor does not have a [deviceId](https://w3c.github.io/mediacapture-main/#dom-devicepermissiondescriptor-deviceid), and permission state is `"prompt"`, User Agents that offer non-persisted permissions MAY return `"granted"` if the user granted device access to this origin the last time this origin requested it."_

This would let us implement `query` in a way that values past non-persistent permissions, for a smoother returning-user experience closer to Chrome's.

IOW, sites that make blanket queries would get `"prompt"` for first-time users, and `"granted"` for returning users that haven't `"denied"`, just like in Chrome (even though Firefox would still prompt). Since Firefox's permission prompt doesn't perma-block on "no", we see no real risk to sites from this. We think this is a good default for Firefox.

We do recognize this is ultimately a site's decision, and sites with more stringent requirements (e.g. tele-visit sites), can get the current permission state of individual devices directly, which would still return `"prompt"`:
```js
const perm = await navigator.permissions.query({name: "camera", deviceId: localStorage.lastUsedDeviceId});
if (perm.state == "prompt") {
  nagTheUserAboutEnablingPermission(); // nags outside of Firefox's "Temporarily Allowed" 60-minute grace period
}
```
This seems more web compatible by flipping the default: no need to implore sites to use `deviceId` to make Firefox work. Instead, only sites that aren't satisfied by Firefox's default behavior need use `deviceId`.

Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/928 using your GitHub account


-- 
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Friday, 3 February 2023 23:41:42 UTC