Open Bug 1335155 Opened 7 years ago Updated 2 years ago

[User Story] Permissions in Sub-Frames


(Firefox :: Site Permissions, defect, P3)





(Reporter: elan, Unassigned)


(Depends on 1 open bug, Blocks 1 open bug)


(Whiteboard: [fxprivacy] [userstory])

User Story

As a user visiting sites that embed other sites which may request permissions, I want to be able to manage and revoke my settings for these embedded pages (iframes) quickly through the familiar site identity popup.

Acceptance criteria:
* If there is an iframe on the current page that has any non-default permissions set, they show up in the control center.
* It is clearly communicated that these permissions belong to a site with a different URI that is embedded on the current page.
* The user can revoke these permission settings through the (x) icon, same as top-level permissions
* Permanently blocking an iframe permission request also perma-blocks the request for the top-level URI.
* Permanently allowing an iframe permission request only allows for the frame URI, not the top-level URI.
      No description provided.
:johann, can you add the actual user story? If this is going to be written from the End User POV, you can NI :Pdol. If this is more about making changes to the code to add value to the authors of the permission prompts, you can write if from that POV. Many thanks.
Flags: needinfo?(jhofmann)
Hm, it's technical changes to supplement the existing experience. I gave it a shot. I'm not sure about acceptance criteria though. I just took the main ideas from both bugs.
Also note that an indicator in the identity block for these frames is probably technically not viable, fast identity block re-rendering is crucial for tabswitch performance.
Blocks: 1188355
User Story: (updated)
Flags: needinfo?(jhofmann)
Whiteboard: [FxPrivacy] → [fxprivacy] [userstory]
Depends on: 1330559
Depends on: 1299577
Priority: -- → P2
Depends on: 1345077
Assignee: jhofmann → nobody
Priority: P2 → P3
Component: Site Identity → Site Permissions
Severity: normal → S3
You need to log in before you can comment on or make changes to this bug.