-
-
Notifications
You must be signed in to change notification settings - Fork 166
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
WIP: feat: a way to grant permissions to webxdcs #4008
base: main
Are you sure you want to change the base?
Conversation
src/main/deltachat/webxdc.ts
Outdated
// Or, we should instead dynamically add items here as the app | ||
// makes permission requests (see `permission_handler`). |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
would rather make the app specify it in its manifest.toml file
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Huh? How would that be useful?
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
That would allow xdc app stores to show permissions.
And we could also say you need to specify a reason string there that we can show in the permission request dialog.
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Hmmmm idk idk. I think a "website" model is more suitable. Where the website (webxdc in this case) itself would explain why it's going to request a permission, in its UI.
This "manifest" model is more suitable for when there is no way to request permissions dynamically, where you have to assess them prior to installation, but with all permissions defaulting to "denied" I think it's not needed.
we could show an electron/native dialog in |
fb0b4be
to
557ffc0
Compare
1) It's not agreed that we want to generically allow access to such APIs
as it can open a can of worms and cause further work on all platforms.
Eying video/audio calls is certainly interesting but maybe better achieved
by an agreed cross-platform "integrations" approach instead of
a generic permissions-one for all apps.
2) As long as there are 53 open bugs (as of now on Desktop)
and we need to maintain 1.46.X releaseability,
let's please focus on maintenance and stabilization first.
|
e8c06b1
to
f8af0b3
Compare
Pushed a few changes:
|
https://www.electronjs.org/docs/latest/api/menu#menugetapplicationmenu : > Note: The returned Menu instance doesn't support dynamic addition > or removal of menu items. Instance properties > can still be dynamically modified. Also https://stackoverflow.com/questions/47756822/change-electrons-menu-items-status-dynamically/47761652#47761652 I checked and it works
- more possible permissions to grant - don't show permissions that were never checked or requested - security: check `requestingUrl` origin just in case - adjust log text
src/main/deltachat/webxdc.ts
Outdated
// TODO some (poorly written?) apps might require a refresh | ||
// after a permission has been granted, | ||
// but we don't support it because | ||
// 1. There is no way to refresh a webxdc |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
app can call window.location.reload()
in it's iframe, you can only not reload the parent page.
What I would like to see in this pr:
permission storage format could be enum PermissionState {
GRANTED,
USER_DENIED, // denied, don't ask again
UNDEFINED // denied, but ask on first request, not really in that enum, use the normal undefined instead
}
type PermissionStore = {[permission:string]: PermissionState | undefined} Edit: these 3 states are already common in other web apis, see https://developer.mozilla.org/en-US/docs/Web/API/Notification/permission_static |
For other platforms:I don't think waiting for integrations makes much sense, they come with their own questions and challenges. The ui does not need to be complicated, we can just start with the following:
code implementation:on both android and electron there is a permission handler function/callback that is called when the website requests a web permission, the handler can then accept or deny the request:
Later we can improve it:
|
f8af0b3
to
ef54af7
Compare
I rebased it to main (after merging monorepo, I offered to rebase all prs that were made before that) |
sorry to be a killjoy and to repeat things: this PR and this discussion here is tricky timing-wise. there is no agreement about the way to proceed with permissions. and the PR does not help on any open, much more important issue - but it adds issues and work on all platforms. distracting development resources from far more important things. (also, the original idea of a "share location" webxdc seems to be a bit lost on the way - how useful are desktop permissions to make a “share location” thing where most desktop do not even know their locations. this underlines, that it is not just this single PR, but will keep lots of devs busy) i am not saying that it does not make sense, but i doubt it makes sense now. i suggest to move this PR to resurrection and reconsider later. |
Do you think it would be okay to merge if we were to remove the toggle from the UI completely? so that it's only possible to enable for developers. |
i would postpone the pr fully, freeing development resources. otherwise there will still be discussion, pressure on other os etc., removing focus from other things - let alone bugs :) developler can still use this PR for experiments |
Closes https://support.delta.chat/t/allow-access-to-camera-geolocation-other-web-apis/2446?u=wofwca
TODO: