Open Bug 1878686 Opened 1 years ago Updated 1 years ago

Device Orientation API: Add Permissions Policy integration

Categories

(Core :: DOM: Device Interfaces, enhancement)

Product:
Core
Component:
DOM: Device Interfaces
Type:
enhancement

Tracking

()

Status:
UNCONFIRMED

People

(Reporter: rakuco, Unassigned)

References

(Blocks 1 open bug)

Details

Steps to reproduce:

The Device Orientation API specification (https://www.w3.org/TR/orientation-event/) used to have a requirement for only firing events and exposing readings to iframes that were same-origin with the top-level frame.

This was added years ago in https://github.com/w3c/deviceorientation/pull/25 and implemented in Gecko in bug 1197901.

Blink never implemented this feature, but did add Permissions Policy integration in 2018 (https://bugs.chromium.org/p/chromium/issues/detail?id=796894), and the WebKit implementation from years ago (currently shipping on iOS) followed suit.

I codified the Permissions Policy integration into the spec in https://github.com/w3c/deviceorientation/pull/121 and removed the same-origin requirement that conflicted with it in https://github.com/w3c/deviceorientation/pull/136.

The Gecko implementation should add this integration for compatibility with existing content. Furthermore, given that the default allowlist for the new features is "self", the exact same set of sites that used to work before would continue working after the integration (provided they don't also pass a custom allowlist value for the new tokens).

You need to log in before you can comment on or make changes to this bug.