Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Add integration with Permissions Policy #64

Closed
reillyeon opened this issue Feb 7, 2019 · 10 comments · Fixed by #121
Closed

Add integration with Permissions Policy #64

reillyeon opened this issue Feb 7, 2019 · 10 comments · Fixed by #121

Comments

@reillyeon
Copy link
Member

This has already been implemented in Chrome (issue 796894) based on the Feature Policy specification however this should be mentioned directly in this specification.

@anssiko
Copy link
Member

anssiko commented Feb 8, 2019

Given both Safari and Firefox seem to restricted these events to top-level document and same-origin frames they'd comply with the default Feature Policy behavior of default allowlist set to ["self"]. Correct?

If that's the case, this seems like an obvious addition to the spec. I suspect it was not added to the spec in tandem with the Chrome implementation work due to the unfortunate fact this spec was unmaintained at that time.

@reillyeon
Copy link
Member Author

Discussed at TPAC 2019 F2F. Resolved to implement this issue.

https://www.w3.org/2019/09/19-dap-minutes.html#x16

@xfq
Copy link
Member

xfq commented Jul 23, 2020

Note that Feature Policy has been renamed: w3c/webappsec-permissions-policy#379

@reillyeon reillyeon changed the title Add integration with Feature Policy Add integration with Permissions Policy Sep 14, 2023
@rakuco
Copy link
Member

rakuco commented Sep 14, 2023

For the record: both Blink and WebKit already integrate this API with the Permissions Policy spec, but Gecko does not.

When it comes to permissions policy tokens:

  • Blink and WebKit use the same ones for ondevicemotion, "accelerometer" and "gyroscope"
  • Blink uses "accelerometer" and "gyroscope" for ondeviceorientation and "accelerometer", "gyroscope" and "magnetometer" for ondeviceorientationabsolute.
  • WebKit does not implement ondeviceorientationabsolute but requires "accelerometer", "gyroscope" and "magnetometer" for ondeviceorientation. Curiously, it still supports the initDeviceOrientationEvent() call that takes an absolute parameter which was removed from the spec in 2012 (possibly because the IDL file wasn't updated after Blink came to existence).

@rakuco
Copy link
Member

rakuco commented Oct 31, 2023

The additional "magnetometer" requirement for ondeviceorientation on WebKit seems to come from the non-standard version of the Device Orientation API shipped on iOS and its compass-related attributes:

    [ImplementedAs=compassHeading] readonly attribute unrestricted double? webkitCompassHeading;
    [ImplementedAs=compassAccuracy] readonly attribute unrestricted double? webkitCompassAccuracy;
    undefined initDeviceOrientationEvent(optional [AtomString] DOMString type = "",
                                    optional boolean bubbles = false,
                                    optional boolean cancelable = false,
                                    optional unrestricted double? alpha = null,
                                    optional unrestricted double? beta = null,
                                    optional unrestricted double? gamma = null,
                                    optional unrestricted double? compassHeading = null,
                                    optional unrestricted double? compassAccuracy = null);

(see also: Apple's DeviceOrientationEvent documentation)

The non-iOS version of the Web IDL excerpt above allows creating a synthetic DeviceOrientation event with absolute=true:

    readonly attribute boolean? absolute;
    undefined initDeviceOrientationEvent(optional [AtomString] DOMString type = "",
                                    optional boolean bubbles = false,
                                    optional boolean cancelable = false,
                                    optional unrestricted double? alpha = null,
                                    optional unrestricted double? beta = null,
                                    optional unrestricted double? gamma = null,
                                    optional boolean? absolute = null);

but the ondeviceorientationabsolute event itself (which would require magnetometer access) is not supported.

My proposal is to standardize Blink's behavior (i.e. require "accelerometer"+"gyroscope" for ondevicemotion and ondeviceorientation, and "accelerometer"+"gyroscope"+"magnetometer" for ondeviceorientationabsolute) instead.

@rakuco
Copy link
Member

rakuco commented Nov 3, 2023

My proposal is to standardize Blink's behavior (i.e. require "accelerometer"+"gyroscope" for ondevicemotion and ondeviceorientation, and "accelerometer"+"gyroscope"+"magnetometer" for ondeviceorientationabsolute) instead.

The current text in the spec does give some leeway to implementations to use a magnetometer for ondeviceorientation:

The deviceorientation event tries to provide relative values for the three angles (relative to some arbitrary orientation), based on just the accelerometer and the gyroscope. The implementation can still decide to provide absolute orientation if relative is not available or the resulting data is more accurate. In either case, the absolute property must be set accordingly to reflect the choice.

The Gecko implementation seems to do this on e.g. Android:

In order for the spec to be airtight, we'd need to either require "magnetometer" or stop allowing implementations to fall back to absolute orientation.

@reillyeon
Copy link
Member Author

Could the we specify that implementations may only fall back to absolute orientation if the document has "magnetometer" permission?

@rakuco
Copy link
Member

rakuco commented Nov 9, 2023

I think that could work, even though it doesn't match the behavior of any of the implementations 😄

I'll work on a draft patch.

@rakuco
Copy link
Member

rakuco commented Nov 9, 2023

Ah, good point, I was only looking at the Blink-side checks but forgot that there are content-side checks as well.

rakuco pushed a commit that referenced this issue Nov 10, 2023
This substantive change makes the firing of the events defined in this
specification dependent on a few different policy-controlled features:
"accelerometer", "gyroscope", and "magnetometer.

Both Blink and WebKit already integrate their implementations with the
Permissions Policy spec and use the same tokens, although a bit differently:

- Both require "accelerometer" and "gyroscope" for the devicemotion event.
- Blink requires "accelerometer" and "gyroscope" to provide relative
  orientation data for the deviceorientation event, and additionally the
  "magnetometer" feature to fall back to absolute orientation data. WebKit
  always requires the three tokens for the deviceorientation event.
- Blink requires "accelerometer", "gyroscope", and "magnetometer" for the
  deviceorientationabsolute event, whereas WebKit does not implement this
  event.

We have opted to codify Blink's behavior in the specification, as since
relative orientation data does not require a magnetometer sensor, the event
should not require the corresponding token either.

Fixes #64.
rakuco pushed a commit that referenced this issue Nov 13, 2023
This substantive change makes the firing of the events defined in this
specification dependent on a few different policy-controlled features:
"accelerometer", "gyroscope", and "magnetometer.

Both Blink and WebKit already integrate their implementations with the
Permissions Policy spec and use the same tokens, although a bit differently:

- Both require "accelerometer" and "gyroscope" for the devicemotion event.
- Blink requires "accelerometer" and "gyroscope" to provide relative
  orientation data for the deviceorientation event, and additionally the
  "magnetometer" feature to fall back to absolute orientation data. WebKit
  always requires the three tokens for the deviceorientation event.
- Blink requires "accelerometer", "gyroscope", and "magnetometer" for the
  deviceorientationabsolute event, whereas WebKit does not implement this
  event.

We have opted to codify Blink's behavior in the specification, as since
relative orientation data does not require a magnetometer sensor, the event
should not require the corresponding token either.

Fixes #64.
rakuco pushed a commit that referenced this issue Dec 5, 2023
This substantive change makes the firing of the events defined in this
specification dependent on a few different policy-controlled features:
"accelerometer", "gyroscope", and "magnetometer.

Both Blink and WebKit already integrate their implementations with the
Permissions Policy spec and use the same tokens, although a bit differently:

- Both require "accelerometer" and "gyroscope" for the devicemotion event.
- Blink requires "accelerometer" and "gyroscope" to provide relative
  orientation data for the deviceorientation event, and additionally the
  "magnetometer" feature to fall back to absolute orientation data. WebKit
  always requires the three tokens for the deviceorientation event.
- Blink requires "accelerometer", "gyroscope", and "magnetometer" for the
  deviceorientationabsolute event, whereas WebKit does not implement this
  event.

We have opted to codify Blink's behavior in the specification, as since
relative orientation data does not require a magnetometer sensor, the event
should not require the corresponding token either.

Fixes #64.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging a pull request may close this issue.

4 participants