- From: Jan-Ivar Bruaroey via GitHub <sysbot+gh@w3.org>
- Date: Tue, 30 Apr 2024 20:39:38 +0000
- To: public-webrtc-logs@w3.org
Thanks for your questions. Let me start by answering them, to see if it un-muddies things.

> Questions raised:
>
> - Does permission flow up to the origin (i.e. can [Figma.com](http://figma.com/) access my microphone with stored permission because I first granted access to a plugin)?

(I'm unfamiliar with figma parlance, but it sounds like by "plugin" you _don't_ mean a web extension, but instead user-created JS code that figma hosts and runs in an iframe, possibly under a secondary domain, like e.g. https://jsfiddle.net does?)

It sounds like you're asking about permission delegation to iframes, which is mentioned in the [permissions spec](https://www.w3.org/TR/permissions/#dfn-default-permission-key-generation-algorithm):

<img width="765" alt="image" src="https://github.com/w3c/mediacapture-main/assets/3136226/9b481eb5-3f9f-4410-9bef-9c620354593e">

I don't know which browser you used, but I'm fairly certain the permission prompt asked you to grant permission to figma.com, not to a specific plugin/iframe. Therefore figma.com has permission, and delegates it as needed.

> - Is this granular permission the default (i.e. does Replit have to update their iframe code to adopt

See [§ 14. Permissions Policy Integration](https://www.w3.org/TR/mediacapture-streams/#permissions-policy-integration) for how this spec integrates with permission policy. This spec's default allow list is `"self"`, which limits camera and microphone permission to same-origin iframes by default.

I don't know Replit, but https://jsfiddle.net/jib1/r60bzmrs/ runs my JS in a different domain (likely for security reasons), which means it has to explicitly delegate permission using the [allow](https://html.spec.whatwg.org/multipage/iframe-embed-object.html#attr-iframe-allow) attribute (abbreviated):

```html
<iframe allow="microphone; camera;" src="//fiddle.jshell.net/jib1/r60bzmrs/show/?editor_console=false">
```

This delegates permission to JS code loaded from `fiddle.jshell.net` (only) inside that iframe.

> - Implications for browsers to message & manage split permissions for a given domain, allow all, abuse like unique apps asking over & over on a given page, etc.

"Split permissions" is not a thing, but the other items are indeed the job of the User Agent to manage for sure.

> ## How could these permissions be more security and privacy minded?

Permission models is an area of differentiation between browsers. Happy to discuss changes to the spec, but you said _"first granted"_ earlier, are you by chance using a browser that auto-stores permission? This problem seems worse then. For instance,

- in Firefox I never check `☐ Remember this decision` for jsfiddle.net
- in Chrome I choose "Allow this time" for jsfiddle.net (I have `chrome://flags/#one-time-permission` turned on)
- Safari doesn't persist permission and therefore doesn't have this problem

We might want to clear up whether your problem is with an implementation before we address the model.

--
GitHub Notification of comment by jan-ivar
Please view or discuss this issue at https://github.com/w3c/mediacapture-main/issues/991#issuecomment-2087182151 using your GitHub account

--
Sent via github-notify-ml as configured in https://github.com/w3c/github-notify-ml-config
Received on Tuesday, 30 April 2024 20:39:39 UTC
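
The delegation rules described in the message above, as an added example that is not part of the original comment or of any spec text: a simplified JavaScript model of how the default allowlist `"self"` and the iframe `allow` attribute decide whether a frame may use camera or microphone. The function names and `https://other.example/` are made up for illustration, and the model assumes the top-level document has the feature enabled and sends no `Permissions-Policy` header.

```javascript
// Simplified model of Permissions Policy delegation for camera/microphone.
// Assumptions: the embedding document has the feature enabled, no
// Permissions-Policy response header is involved, and only the allowlist
// forms 'src' (implicit), 'self', 'none', * and explicit origins are handled.
const DEFAULT_ALLOWLIST = { camera: "self", microphone: "self" };

// Parse an iframe allow attribute into a Map: feature -> allowlist tokens.
// A feature listed with no tokens (allow="microphone") means 'src'.
function parseAllow(allowAttr) {
  const policy = new Map();
  for (const directive of (allowAttr || "").split(";")) {
    const [feature, ...tokens] = directive.trim().split(/\s+/).filter(Boolean);
    if (feature) policy.set(feature, tokens.length ? tokens : ["'src'"]);
  }
  return policy;
}

// May the document currently loaded in the iframe use `feature`?
// parentUrl: embedding page; srcUrl: the iframe's src attribute;
// currentUrl: where the frame has navigated to (defaults to srcUrl).
function frameMayUse(feature, parentUrl, srcUrl, allowAttr, currentUrl = srcUrl) {
  const parent = new URL(parentUrl).origin;
  const src = new URL(srcUrl, parentUrl).origin;
  const current = new URL(currentUrl, parentUrl).origin;
  const tokens = parseAllow(allowAttr).get(feature);
  if (!tokens) {
    // No delegation: default allowlist "self" covers same-origin frames only.
    return DEFAULT_ALLOWLIST[feature] === "self" && current === parent;
  }
  return tokens.some((t) => {
    if (t === "*") return true;
    if (t === "'none'") return false;
    if (t === "'self'") return current === parent;
    if (t === "'src'") return current === src; // delegation is tied to the src origin
    try { return new URL(t).origin === current; } catch { return false; }
  });
}

// URLs taken from the message; other.example is a constructed value.
const PAGE = "https://jsfiddle.net/jib1/r60bzmrs/";
const FRAME = "//fiddle.jshell.net/jib1/r60bzmrs/show/?editor_console=false";
console.log(frameMayUse("microphone", PAGE, FRAME, "microphone; camera;")); // delegated
console.log(frameMayUse("microphone", PAGE, FRAME, ""));                    // cross-origin, no allow
console.log(frameMayUse("camera", PAGE, FRAME, "microphone; camera;", "https://other.example/"));
```

The last call shows why the delegation applies to `fiddle.jshell.net` only: once the frame navigates to a different origin, the implicit `'src'` allowlist no longer matches.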