LGTM1

On Monday, April 18, 2022 at 5:47:47 PM UTC+2 Gabriel Brito wrote:

> Hi,   Hope you are doing well. We would like to request approval for this 
> feature. Thank you in advance!     Contact emails 
>
> [email protected]
>
> Explainer 
>
> https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
>
> Specification 
>
> https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
>
Worth mentioning the processing model 
<https://webbluetoothcg.github.io/web-bluetooth/#request-bluetooth-devices> 
which uses that new keyword. 

Also seems worth mentioning the TAG review requirement and why it's not 
applicable in this case. I tend to agree that it's an overkill, as adding a 
permission policy gate here is a well-known pattern.
 

> Summary 
>
> Integrates the Web Bluetooth API with Permissions Policy, which should be 
> identified by the "bluetooth" token. The Web Bluetooth API allows webpages 
> to communicate with devices over Bluetooth. However, this API is not 
> allowed to be used from cross-origin iframes. This integration enables this 
> scenario while providing protection against unwanted access to Bluetooth 
> capabilities, which requires the top-level document to explicitly allow a 
> cross-origin iframe to use the API's methods.
>
>
>
> Blink component 
>
> Blink>Bluetooth 
> <https://bugs.chromium.org/p/chromium/issues/list?q=component:Blink%3EBluetooth>
>
> Risks 
>
>
>
> Interoperability and Compatibility 
>
> Low interoperability risks, since it is an integration of the Web 
> Bluetooth API with Permissions Policy, which is already widely adopted. 
> Also not explicitly allowing an iframe to use bluetooth with 
> allow="bluetooth" won't affect the current behavior.
>
>
>
> *Gecko*: No signal
>
Negative <https://github.com/mozilla/standards-positions/issues/95> is more 
accurate:  

>
> *WebKit*: No signal
>
Similarly, a negative 
<https://webkit.org/status/#specification-web-bluetooth> signal is more 
appropriate. 

>
> *Web developers*: Positive (
> https://bugs.chromium.org/p/chromium/issues/detail?id=518042)
>
> *Other signals*:
>
> Ergonomics 
>
> No anticipated ergonomic risks.
>
>
> Activation 
>
> If developers would like to provide access to Web Bluetooth to 
> cross-origin trusted iframes, they just need to add allow="bluetooth" to it.
>
>
> Security 
>
> This integration makes the Web Bluetooth API more secure while keeping the 
> current behavior and adding more capabilities to it.
>
>
> WebView application risks 
>
> *Does this intent deprecate or change behavior of existing APIs, such that 
> it has potentially high risk for Android WebView-based applications?*
>
> No. Web Bluetooth is not available in WebView.
>
>
>
> Debuggability 
>
> N/A (No DevTools support needed)
>
>
>
> Is this feature fully tested by web-platform-tests 
> <https://chromium.googlesource.com/chromium/src/+/master/docs/testing/web_platform_tests.md>
> ? 
>
> Yes
>
> Flag name 
>
> No flag.
>
> Requires code in //chrome? 
>
> False
>
> Tracking bug 
>
> https://bugs.chromium.org/p/chromium/issues/detail?id=518042
>
> Estimated milestones 
>
> No milestones specified
>
>
>
> Anticipated spec changes 
>
> *Open questions about a feature may be a source of future web compat or 
> interop issues. Please list open issues (e.g. links to known github issues 
> in the project for the feature specification) whose resolution may 
> introduce web compat/interop risk (e.g., changing to naming or structure of 
> the API in a non-backward-compatible way).*
>
>
>
> Link to entry on the Chrome Platform Status 
>
> https://chromestatus.com/feature/6439287120723968
>

-- 
You received this message because you are subscribed to the Google Groups 
"blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to [email protected].
To view this discussion on the web visit 
https://groups.google.com/a/chromium.org/d/msgid/blink-dev/929c4b63-a112-4522-8243-7e4b26e85555n%40chromium.org.

Reply via email to