| 04:28 | <Anton M.> | oops didn't mean to leave |
| 07:57 | <annevk> | zcorpan: had you seen https://bugzilla.mozilla.org/show_bug.cgi?id=1687557? |
| 09:03 | <johannhof> | annevk: Hey, I was just going through my old needinfos and noticed https://bugzilla.mozilla.org/show_bug.cgi?id=1708354 |
| 09:04 | <johannhof> | And that bug itself aside, it feels to me like Chrome and Firefox both shipped this restriction but didn't end up updating the spec (I can't even find an issue for it) |
| 09:06 | <johannhof> | But I'm slightly confused about which spec is responsible for defining these restrictions, is it the Notifications spec or Permissions? |
| 09:07 | <johannhof> | i.e. would it be enough that Notifications says "this is a powerful feature" and then we derive somehow that these are either PP controlled in iframes or forbidden? |
| 09:45 | <annevk> | johannhof: I think the idea was that Permissions Policy would take care of this, but it might not have been integrated everywhere just yet |
| 09:49 | <johannhof> | annevk: Right, so, I guess there are two things here. As per that bug, these checks should not only apply when requesting permission but also when notifications are sent. The second question is what does PP do for features that are powerful but not explicitly part of PP (which I think notifications is not?) |
| 09:50 | <annevk> | Oh right, I guess those we have to update, but that hasn't happened. Same for persistent storage. |
| 09:51 | <johannhof> | I guess point 1 might be captured by having the permission check in the constructor https://notifications.spec.whatwg.org/#constructors, so that might only be a Firefox implementation issue |
| 09:52 | <johannhof> | And then step 3 of https://w3c.github.io/permissions/#reading-current-states will only do the correct thing (deny the request) if there's a policy controlled feature for "notifications" that's always forbidden |
| 09:55 | <johannhof> | What is the state of the registry for permissions policy? Is it still up to the individual standards to define their own entry? So would this be a change in Notifications and Storage? |
| 10:29 | <annevk> | johannhof: for notifications it probably needs to be a local change; for persistent storage I'm not entirely sure what the model should be |
| 10:30 | <annevk> | It makes sense to me that you cannot ask for persistent storage permission, but if you're non-partitioned (i.e., have "storage access") you should probably have persistent storage there |
| 10:30 | <annevk> | The equivalent doesn't make sense for notifications however |
| 10:31 | <annevk> | Although I guess for storage as well it being non-partitioned is a thing that will soonish no longer be possible |
| 10:48 | <johannhof> | Yeah, you're right, storage is more complicated... |
| 10:49 | <johannhof> | Another edge case that always partitioning helps with :) |
| 11:19 | <johannhof> | annevk: thought about this some more and filed https://github.com/whatwg/notifications/issues/177 |
| 12:42 | <nevolaa> | Hello, who have I reached? |
| 14:02 | <Mattias Buelens> | Hi! This is the WHATWG, see https://whatwg.org/faq#what-is-the-whatwg |