In Firefox 118 or 119 we intend to ship the "camera" and "microphone"
permission descriptors in navigator.permissions.query(), with some
adaptations for Firefox's permission model.
*Summary:* await navigator.permissions.query({name: "camera" || "microphone"
}) allow websites to query whether the user has granted them camera or
microphone permissions in the past, e.g. to streamline joining a meeting.
Since Firefox grants one-time permissions by default, the values returned
are as follows:
- "granted" — the user granted persistent or one-time permission last
time, and hasn't explicitly revoked it. This positive signal satisfies the
spec which says the caller *"can use the feature possibly without having
the user agent asking the user's permission".*
- "denied" —The user has blocked permission (or the iframe is missing
allow= policy)
- "prompt" — Neither of the above apply (this is the initial state)
This is designed to support one-time permissions as the norm. We appreciate
the need to pursue "granted" in other browsers without worrying about
differences in Firefox, hence this design.
To web developers concerned that "granted" doesn't guarantee unprompted
access in Firefox: the Firefox permission prompt is mostly harmless. Users
can refresh the page to undo accidental blocks, unless they explicitly
checked *"✅ Remember this decision"* followed by *"Block"*.
We hope this balances applications' concerns with those of users.
We are not implementing the deviceId part [4] which is being removed from
the spec. [5]
*Bug:* https://bugzil.la/1609427
*Standard: *
1. https://www.w3.org/TR/permissions/#permissions-interface
2. https://www.w3.org/TR/permissions/#dfn-granted
3. https://www.w3.org/TR/permissions/#privacy-considerations
4. https://www.w3.org/TR/mediacapture-streams/#permissions-integration
5. https://github.com/w3c/mediacapture-main/issues/965
*Platform Coverage:* Desktop atm, but planning to have it on all available
platforms.
*Preference:* This API will be available by default.
One pref, permissions.media.show_always_ask.enabled, may be available to
expose the "Always Ask ✖" permission to users more prominently. By default
it only shows in Tools / Page Info.
*Other Browsers:* Other browsers already implement permissions.query() for
"camera" and "microphone". Each have different permission models, none of
which matches Firefox's.
- Blink: shipped since 43
- Webkit: shipped since 16
Chrome appears to be experimenting with one-time permissions — see
https://github.com/w3c/permissions/issues/414 — but no change to
permissions.query as of yet.
*Web-platform-tests: *WPT tests for permissions.query() with getUserMedia
are being provided, but require manual intervention in Firefox due to
https://bugzil.la/1524074:
- WPT is in https://phabricator.services.mozilla.com/D183068
*Privacy Concerns:*
We are implementing this now to mitigate websites' upcoming loss of ability
to infer permission from device labels in Firefox once we restrict device
information exposure in enumerateDevices() ahead of getUserMedia() success
(by turning off the pref media.devices.enumerate.legacy.enabled).
But to implement this, Firefox is internally persisting an "always ask"
permission after one-time use of camera and microphone (exposed as
"granted").
Since permissions are typically treated separately from website data,
permissions.query() is a fingerprinting vector [3].
We are considering (still working on) the following mitigations:
- Replace "denied" with "prompt" ahead of getUserMedia() success, like
Safari does
- Clear "always ask" whenever website data is cleared
- Don't persist "always ask" if the privacy.resistFingerprinting pref is
set
With these mitigations in place, this should leak no new information.
--
You received this message because you are subscribed to the Google Groups
"[email protected]" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To view this discussion on the web visit
https://groups.google.com/a/mozilla.org/d/msgid/dev-platform/0b45474c-6132-42b8-a97c-b8d3b2407887n%40mozilla.org.
