As a user visiting sites that embed other sites which may request permissions, I want to be able to manage and revoke my settings for these embedded pages (iframes) quickly through the familiar site identity popup. Acceptance criteria: * If there is an iframe on the current page that has any non-default permissions set, they show up in the control center. * It is clearly communicated that these permissions belong to a site with a different URI that is embedded on the current page. * The user can revoke these permission settings through the (x) icon, same as top-level permissions * Permanently blocking an iframe permission request also perma-blocks the request for the top-level URI. * Permanently allowing an iframe permission request only allows for the frame URI, not the top-level URI.
:johann, can you add the actual user story? If this is going to be written from the End User POV, you can NI :Pdol. If this is more about making changes to the code to add value to the authors of the permission prompts, you can write if from that POV. Many thanks.
Hm, it's technical changes to supplement the existing experience. I gave it a shot. I'm not sure about acceptance criteria though. I just took the main ideas from both bugs. Also note that an indicator in the identity block for these frames is probably technically not viable, fast identity block re-rendering is crucial for tabswitch performance.
User Story: (updated)
Whiteboard: [FxPrivacy] → [fxprivacy] [userstory]
Depends on: 1330559
Priority: -- → P2
Depends on: 1345077
Assignee: jhofmann → nobody
Priority: P2 → P3
status-firefox54: affected → ---
You need to log in before you can comment on or make changes to this bug.