Where did "speaker" feature policy go? #91
Comments
|
It would be good to decide whether this permission is for "speaker use" or "speaker selection". |
|
Chrome has never implemented a speaker permission, understood to mean an explicit permission specifically for nondefault speakers. Chrome allows setSinkId to succeed if the microphone permission has previously been granted and fails otherwise. We have considered adding a speaker-only permission for setSinkId (to better support the non-communications cases that don't require a mic), but there has been little demand for it and an there have been concerns that an UI prompt just for speakers might be confusing to users since the default speaker does not require authorization. The speaker feature policy code that was written in Chrome was removed because there was no implementation of a speaker permission, no mention of it in this spec, and, since the microphone permission is currently used for setSinkId, the microphone policy should work too. |
|
If we add text to the spec explaining how a speaker feature policy should work, it can be brought back in Chromium, of course. |
@guidou It's far more confusing now where users have to allow microphones when they're just choosing what soundcard to play music on. I have to do a If there is a better thread to discuss this specific issue, could you please point me to it? |
The latter. Accessing a user's non-default speakers is a "powerful feature", and would be OFF in iframes by default. A "speaker use" permission defaulting to OFF in iframes wouldn't be web compatible, so that's a different thing. Most people have some default audio output, and there's "Block Autoplay" for that.
To the page being iframed, I don't see much difference, since that seems easy to work around, as I mention in #87 (comment). |
Right, this makes sense in the context of the audio output spec, but in general, the name is misleading to me. Allowing or not camera/microphone access is probably something much more easy to decide than allowing or not access to non-default speakers.
Sure, I was meaning a feature policy which would be ON by default and pages could explicitly set it to off.
I was thinking of third-party iframes. |
@youennf This is covered under § 3.1 Consent.
I think that's a separate issue, #63 maybe. |
@guidou I think the web compat question here is did Chrome ever used to require <iframe allow="camera; microphone; speaker">...in order for the site to change audio output during a WebRTC call? Or did this always suffice: <iframe allow="camera; microphone">? If we go back to requiring the former, what sites might break? |
I am not sure feature policy is really about user consent. User agent may always control this API by advertising or not deviceIds, this is what happens with currently needing to call getUserMedia before using this API. |
No, it never required this.
This always sufficed.
Not clear to me how to answer this, but I guess some sites might break if we start requiring the former. |
@youennf It's Permissions Policy now, and seems explicitly about user consent. Specifically: it solves the question of to whom consent is to be granted. Most browsers have adopted a top-level domain trust model by now, putting the onus on sites to delegate user trust to iframes. If we don't require explicit delegation of said trust, that doesn't work.
I'd say yes they should. Otherwise who's asking?
What origin does it say is asking? Even if it doesn't say, I think most users would assume it's from the top-level domain they're on. I don't think users are well-served if we let any drive-by ad-frame masquerade as the top-level domain (when requesting user consent). |
@guidou Yeah we're looking at breakage then if we introduce a We can play web compat games like Presumably someone thought having some granularity of control here made sense, hence why we have |
The html video element that the user is seeing on the screen. A "speaker-selection" policy makes sense to me when we get to a more flexible API: page wide setting, prompt user to select device, explicit values. |
|
@bradisbell While the topic is actually being discussed, your feedback will be helpful at w3c/mediacapture-main#703. Have filed too many issues and bugs to list here re this subject matter, in pertinent part see w3c/mediacapture-main#650. Perhaps additional feedback, or as put, demand, will overcome the evaluation
|
From editors' meeting two weeks ago: landed on |
"demand" for "it" (where it is capturing audio output to speakers, headphones, "What-U-Hear", and "demand" is are feature requests)
Chromium issues
Firefox and Nightly implementation of Chromium implementation just asks for microphone permission, confusion at Chromium can arise because the user does not select any particular device and From the results of various experiments and tests it is currently impossible to capture speaker output at Chromium within the confines of the implementation of |
I wrote #90 before realizing
"speaker"was removed in w3c/webappsec-permissions-policy#360 and in Chrome. @alvestrand what happened to it?Concerns:
allow="microphone"orallow="camera"in order to use this feature. While it's true you need those permissions today to use this feature in Chrome, this may not always be so. E.g. API to request audio output device selection #86"speaker"permission. Without a corresponding feature-policy, it's unclear whether this feature is available in iframes by default or not (whether you have cam/mic or not).cc @alvestrand, @guidou, @achronop
The text was updated successfully, but these errors were encountered: