Contact emails fbeauf...@google.com
Explainer https://github.com/w3c/web-nfc/blob/gh-pages/EXPLAINER.md https://github.com/w3c/web-nfc/pull/636 Specification https://w3c.github.io/web-nfc/#dom-ndefreader-makereadonly https://github.com/w3c/web-nfc/pull/632 Summary The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC. Blink component Blink>NFC <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3ENFC> Motivation Since we’ve shipped Web NFC in Chrome 89, developers have been asking for a way to “lock” NFC tags to prevent malicious users from overwriting their content. See https://github.com/w3c/web-nfc/issues/558 This operation is a one-way process and cannot be reversed. Once an NFC tag has been made read-only, it can't be written anymore. Existing Web NFC restrictions apply to makeReadOnly(): It is only available to top-level frames and secure browsing contexts (HTTPS only). Origins must first request the "nfc" permission while handling a user gesture (e.g. a button click). To then make the NFC tag read-only, the web page must be visible when the user touches an NFC tag with their device, while still handling a user gesture. The browser uses haptic feedback to indicate a tap. Access to the NFC radio is blocked if the display is off or the device is locked. When a page is placed in the background, receiving and pushing NFC content is suspended. TAG review This small addition to the Web NFC API doesn’t seem to qualify for a TAG review. Note that the Security and Privacy section was updated based on last TAG review feedback at https://github.com/w3ctag/design-reviews/issues/461 TAG review status Not Applicable Risks Interoperability and Compatibility This small addition to the NDEFReader object does not change the overall status of Web NFC interoperability or compatibility. Signals from other implementations (Gecko, WebKit): Gecko: No Signal [1] WebKit: No Signal [1] Web / Framework developers: Positive https://twitter.com/quicksave2k/status/1465615447806681090 [1] Both Gecko and Webkit are unlikely to object to this feature specifically, but object to the overall Web NFC API as a whole, hence it doesn't make sense to bug them with specific questions on this. Activation: This feature can't be polyfilled. It should be fairly trivial for developers to adopt this new feature. Debuggability Exposing DevTools debugging support for device-access APIs (Web NFC included) is discussed at https://bugs.chromium.org/p/chromium/issues/detail?id=1142566. For now, affordable NFC tags are required to debug Web NFC. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> ? Yes. This feature will be fully tested at https://wpt.fyi/results/web-nfc Requires code in //chrome? True. The permission prompt text will be updated and current NFC permissions reset so that users clearly know which permission they’re granting to websites. Tracking bug https://bugs.chromium.org/p/chromium/issues/detail?id=1275576 Estimated milestones M100 Link to entry on the Chrome Platform Status https://chromestatus.com/feature/5700853265596416 Links to previous Intent discussions Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/iyljeGnIct8/m/tonTVszmCAAJ -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPpwU5%2B_G%2BmsT%2B7z%2BNes1aqa3x0A0Nyktg-g_debukrTGJF7HQ%40mail.gmail.com.
