From df576394c3712a18a6eec5187c937445688c897c Mon Sep 17 00:00:00 2001 From: Aaron Selya Date: Mon, 27 Jan 2025 14:07:43 -0500 Subject: [PATCH 1/5] Update spec to allow for the query algorithm to return "prompt" instead of "denied" Allowing the query algorithm to return `prompt` or`denied` helps protect the user from exposing their available features and helps prevent retaliation against the user from developers. --- index.html | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index 265278f..bb5de28 100644 --- a/index.html +++ b/index.html @@ -800,7 +800,14 @@

[=associated `Document`=].
  • If document is not allowed to use |feature|, return - {{PermissionState/"denied"}}. + {{PermissionState/"denied"}} or {{PermissionState/"prompt"}}. + +

    + The {{PermissionState/"prompt"}} may be returned instead of + {{PermissionState/"denied"}} to avoid exposing if the |feature| is + allowed to use to developers. This is done to prevent retaliation against + the user and repeated prompting to the detriment of the user experience. +

    • From 14cd0034943931ee16eea1b3b5c581bfb596f701 Mon Sep 17 00:00:00 2001 From: Aaron Selya Date: Fri, 21 Feb 2025 11:40:33 -0500 Subject: [PATCH 2/5] Update index.html MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marcos Cáceres --- index.html | 7 ++----- 1 file changed, 2 insertions(+), 5 deletions(-) diff --git a/index.html b/index.html index bb5de28..5253d0e 100644 --- a/index.html +++ b/index.html @@ -803,11 +803,8 @@

    {{PermissionState/"denied"}} or {{PermissionState/"prompt"}}.

    - The {{PermissionState/"prompt"}} may be returned instead of - {{PermissionState/"denied"}} to avoid exposing if the |feature| is - allowed to use to developers. This is done to prevent retaliation against - the user and repeated prompting to the detriment of the user experience. -

    + For privacy reasons the user agent can return the {{PermissionState/"prompt"}} state instead of {{PermissionState/"denied"}}. This is because the {{PermissionState/"denied"}} state could reveal information about prior visits that user agents might not be willing to expose. +

    From dbaef0c2823e935cbe24eb1237037fd2f5072f60 Mon Sep 17 00:00:00 2001 From: Aaron Selya Date: Fri, 21 Feb 2025 12:12:02 -0500 Subject: [PATCH 3/5] Update index.html MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: Marcos Cáceres --- index.html | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/index.html b/index.html index 5253d0e..54864dd 100644 --- a/index.html +++ b/index.html @@ -800,7 +800,8 @@

    [=associated `Document`=].
  • If document is not allowed to use |feature|, return - {{PermissionState/"denied"}} or {{PermissionState/"prompt"}}. + {{PermissionState/"denied"}}. +

    • For privacy reasons the user agent can return the {{PermissionState/"prompt"}} state instead of {{PermissionState/"denied"}}. This is because the {{PermissionState/"denied"}} state could reveal information about prior visits that user agents might not be willing to expose. From 0e8b20d85c123855a699ca32c33791be3ce0b61d Mon Sep 17 00:00:00 2001 From: Aaron Selya Date: Fri, 21 Feb 2025 13:29:26 -0500 Subject: [PATCH 4/5] Update index.html Remove open tag that was not closed. Format text. --- index.html | 7 ++++--- 1 file changed, 4 insertions(+), 3 deletions(-) diff --git a/index.html b/index.html index 54864dd..3a09851 100644 --- a/index.html +++ b/index.html @@ -801,10 +801,11 @@

  • If document is not allowed to use |feature|, return {{PermissionState/"denied"}}. -
    • -

    - For privacy reasons the user agent can return the {{PermissionState/"prompt"}} state instead of {{PermissionState/"denied"}}. This is because the {{PermissionState/"denied"}} state could reveal information about prior visits that user agents might not be willing to expose. + For privacy reasons the user agent can return the {{PermissionState/"prompt"}} + state instead of {{PermissionState/"denied"}}. This is because the + {{PermissionState/"denied"}} state could reveal information about prior visits + that user agents might not be willing to expose.

    From 03e1a067913fd1f9e551facb8a29a4c17cb6d65c Mon Sep 17 00:00:00 2001 From: Aaron Selya Date: Mon, 3 Mar 2025 10:19:48 -0500 Subject: [PATCH 5/5] Update index.html Move text to section 8 as requested by reviewer. --- index.html | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/index.html b/index.html index 3a09851..d828d2a 100644 --- a/index.html +++ b/index.html @@ -801,12 +801,6 @@

  • If document is not allowed to use |feature|, return {{PermissionState/"denied"}}. -

    - For privacy reasons the user agent can return the {{PermissionState/"prompt"}} - state instead of {{PermissionState/"denied"}}. This is because the - {{PermissionState/"denied"}} state could reveal information about prior visits - that user agents might not be willing to expose. -

    • @@ -822,6 +816,12 @@

  • Return the {{PermissionState}} enum value that represents the permission state of |feature|, taking into account any [=powerful feature/permission state constraints=] for |descriptor|'s {{PermissionDescriptor/name}}. +

    + For privacy reasons the user agent can return the {{PermissionState/"prompt"}} + state instead of {{PermissionState/"denied"}}. This is because the + {{PermissionState/"denied"}} state could reveal information about prior visits + that user agents might not be willing to expose. +