The Device APIs Working Group decided to discontinue work on the Feature Permissions draft as the only immediately obvious relevant use case is for Web Notifications. Any follow-up discussions should happen on the public-web-notification mailing list.
onclick
event on an A element and the onkeypress
event on
an INPUT element are user gestures. Scripts run by a timeout, or for example an onload
event are not user gestures.This specification provides an generic API for user agents which offer privileged features to web pages in order to manage permissions in a consistent manner.
The purpose of the specification is to allow users to grant permission to use individual privileged features to only the web pages which the user selects.
Permissions are granted and denied on a per-origin basis.
The following code illustrates how to query the permission level of a feature:
// A feature that requires permissions var featureID = "notifications"; // feature is ready to use in the app as the permission has been already granted var useFeature = false; function permissionRequestCallback() { if (permission == USER_DENIED) { // Perform the action knowing that permission is already granted alert("This app will not be able to use " + featureID + "."); } else if (permission == USER_ALLOWED) { // Feature is ready to be used as the permission is granted useFeature = true; } } // Getting the permission level of the feature identified by 'featureID' var permission = navigator.permissionLevel(featureID); if (permission == DEFAULT_DENIED) { // Indicate to the user that allowing the feature will result in a better experience alert("Enabling " + featureID + " will enable functionality XXX"); // Optionally the app can decide at any time to request a permission for the feature navigator.requestPermission(featureID, permissionRequestCallback()); } if (permission == DEFAULT_ALLOWED || permission == USER_ALLOWED) { // Feature is ready to be used as the permission is granted useFeature = true; } else if (permission == DEFAULT_DENIED) { // Proceed without using functionality that requires permission until the user responds to the permission request } // Main application logic if (useFeature) { useFeature(); } else { // Limited functionality as the feature is not allowed to be used doNotUseFeature(); }
The NavigatorPermissions
interface requires the user agent to indicate DEFAULT_ALLOWED
and DEFAULT_DENIED
permission levels for feature/origin combinations where the user has
not made an explicit decision.
The purpose of the distinction between user-selected and default behavior is to allow the web page to present appropriate user interfaces advising the user of the need for permission and what actions should be taken to ensure permission is granted.
The user agent may select appropriate initial default settings for each feature, but must not indicate
USER_ALLOWED
or USER_DENIED
until the user has made a permissions decision.