LGTM1 On Monday, April 18, 2022 at 5:47:47 PM UTC+2 Gabriel Brito wrote:
> Hi, Hope you are doing well. We would like to request approval for this > feature. Thank you in advance! Contact emails > > [email protected] > > Explainer > > https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy > > Specification > > https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy > Worth mentioning the processing model <https://webbluetoothcg.github.io/web-bluetooth/#request-bluetooth-devices> which uses that new keyword. Also seems worth mentioning the TAG review requirement and why it's not applicable in this case. I tend to agree that it's an overkill, as adding a permission policy gate here is a well-known pattern. > Summary > > Integrates the Web Bluetooth API with Permissions Policy, which should be > identified by the "bluetooth" token. The Web Bluetooth API allows webpages > to communicate with devices over Bluetooth. However, this API is not > allowed to be used from cross-origin iframes. This integration enables this > scenario while providing protection against unwanted access to Bluetooth > capabilities, which requires the top-level document to explicitly allow a > cross-origin iframe to use the API's methods. > > > > Blink component > > Blink>Bluetooth > <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EBluetooth> > > Risks > > > > Interoperability and Compatibility > > Low interoperability risks, since it is an integration of the Web > Bluetooth API with Permissions Policy, which is already widely adopted. > Also not explicitly allowing an iframe to use bluetooth with > allow="bluetooth" won't affect the current behavior. > > > > *Gecko*: No signal > Negative <https://github.com/mozilla/standards-positions/issues/95> is more accurate: > > *WebKit*: No signal > Similarly, a negative <https://webkit.org/status/#specification-web-bluetooth> signal is more appropriate. > > *Web developers*: Positive ( > https://bugs.chromium.org/p/chromium/issues/detail?id=518042) > > *Other signals*: > > Ergonomics > > No anticipated ergonomic risks. > > > Activation > > If developers would like to provide access to Web Bluetooth to > cross-origin trusted iframes, they just need to add allow="bluetooth" to it. > > > Security > > This integration makes the Web Bluetooth API more secure while keeping the > current behavior and adding more capabilities to it. > > > WebView application risks > > *Does this intent deprecate or change behavior of existing APIs, such that > it has potentially high risk for Android WebView-based applications?* > > No. Web Bluetooth is not available in WebView. > > > > Debuggability > > N/A (No DevTools support needed) > > > > Is this feature fully tested by web-platform-tests > <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md> > ? > > Yes > > Flag name > > No flag. > > Requires code in //chrome? > > False > > Tracking bug > > https://bugs.chromium.org/p/chromium/issues/detail?id=518042 > > Estimated milestones > > No milestones specified > > > > Anticipated spec changes > > *Open questions about a feature may be a source of future web compat or > interop issues. Please list open issues (e.g. links to known github issues > in the project for the feature specification) whose resolution may > introduce web compat/interop risk (e.g., changing to naming or structure of > the API in a non-backward-compatible way).* > > > > Link to entry on the Chrome Platform Status > > https://chromestatus.com/feature/6439287120723968 > -- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/929c4b63-a112-4522-8243-7e4b26e85555n%40chromium.org.
