Launching a PWA should qualify as a "User activation" #274

Closed
Jaifroid opened this issue Jan 30, 2021 · 4 comments


Jaifroid commented Jan 30, 2021

Launching a PWA should be considered by the API to be a "User activation", i.e. launching should be able to trigger the permission request for a previously picked file or directory ("Let site view files?").

Currently we have an unequal situation, and oddly the situation is worse for installed PWAs than it is for an app launched from a third-party link. Consider these two scenarios, for an app where the user has (in a previous session) picked a file to work on, and the file handle has been serialized to IndexedDB:

  1. If I provide a link to my app from a third-party web site, then when the user clicks this link, the app will launch and it can immediately (if I wish) ask for permission to view the previously picked file. The user only has to click once in the app to provide permission.

  2. However, if my app is installed as a PWA, and the user launches it from its icon in the OS interface (at least on Windows), then when the app requests permission to access a previously picked file, it throws an error (in console) "DOMException: User activation is required to request permissions". I have to wait for the user to click a link I have provided in the UI before I can trigger the permission request. In this scenario, the user has to click twice in the app to provide permission (once on a link in the app, and then again in the permissions dialogue).

Why is scenario 1 treated as more secure than scenario 2? Surely it should be the other way round?

@Jaifroid Jaifroid changed the title Launching the app should qualify as a "User activation" Jan 30, 2021
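
Added example (not part of the original thread or of the spec): one way an app can cover both launch scenarios from the opening comment, requesting permission at once when transient activation is present and otherwise deferring the request to the first click. The function names are hypothetical; `handle` is assumed to be the file handle restored from IndexedDB and `activation` is assumed to be `navigator.userActivation`, passed in so the logic can be exercised with mock objects.

```javascript
// Added example; planPermissionStep, restoreFileAccess and requestOnFirstClick
// are hypothetical names, not part of the File System Access API.

// Pure decision: given the stored handle's permission state and whether the
// page currently has transient user activation, what may the app do now?
function planPermissionStep(permissionState, hasTransientActivation) {
  if (permissionState === 'granted') return 'use-handle';
  if (permissionState === 'denied') return 'pick-again';
  // 'prompt': the browser only shows the dialogue during a user activation.
  return hasTransientActivation ? 'request-now' : 'wait-for-gesture';
}

// Query first (never needs activation), then request only when allowed.
async function restoreFileAccess(handle, activation, mode = 'read') {
  const state = await handle.queryPermission({ mode });
  const active = Boolean(activation && activation.isActive);
  const step = planPermissionStep(state, active);
  if (step !== 'request-now') return { step, state };
  try {
    const result = await handle.requestPermission({ mode });
    // A dismissed dialogue leaves the state at 'prompt': ask again on a later gesture.
    return { step: planPermissionStep(result, false), state: result };
  } catch (err) {
    // Activation expired between the check and the call, or the browser
    // refused the request (the installed-PWA launch case in this issue).
    return { step: 'wait-for-gesture', state, error: err.name };
  }
}

// Fallback for 'wait-for-gesture': run the request inside the first click
// handler, where the click itself provides the activation.
function requestOnFirstClick(element, handle, activation, mode = 'read') {
  return new Promise((resolve) => {
    element.addEventListener(
      'click',
      () => resolve(restoreFileAccess(handle, activation, mode)),
      { once: true }
    );
  });
}
```
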
@bradisbell

I think that ideally, the behavior is the same between PWA and browser-launched. Please, let's not flip the current behavior... let's unrestrict PWAs.

@Jaifroid
Author

@bradisbell I'd agree with that!


zedL commented Feb 13, 2021

How about asking the user once when creating/selecting a folder? From then on, the browser can have full access below the folder.

@mkruisselbrink
Contributor

I agree that it does seem weird that navigation by clicking a link would count as user activation while launching a PWA wouldn't. That said, this spec doesn't define what counts as user activation; that is specified (or should be specified) in the HTML spec. whatwg/html#3849 is an open issue to more accurately specify what counts as user activation; commenting on there or opening a new issue in the HTML spec would probably be the better place for a suggestion like this.
