[Webkit-unassigned] [Bug 152299] New: Enable opt-in DeviceOrientation and DeviceMotion cross-origin iframe access
bugzilla-daemon at webkit.org
Tue Dec 15 05:36:15 PST 2015
https://bugs.webkit.org/show_bug.cgi?id=152299
Bug ID: 152299
Summary: Enable opt-in DeviceOrientation and DeviceMotion cross-origin iframe access
Classification: Unclassified
Product: WebKit
Version: WebKit Nightly Build
Hardware: iOS
OS: iOS 9.0
Status: NEW
Severity: Normal
Priority: P2
Component: WebCore JavaScript
Assignee: webkit-unassigned at lists.webkit.org
Reporter: rich.tibbett at gmail.com
With iOS 9.2, WebKit now blocks deviceorientation and devicemotion event access from cross-origin iframes.
I know we have discussed preventing access to powerful features such as DeviceOrientation and DeviceMotion events from non-HTTPS documents and sub-documents, but WebKit on iOS, as of the 9.2 update, is also blocking cross-origin iframe access. Has this additional restriction been discussed in any standards organization to date?
If this feature needs to stay then perhaps we could then allow website owners to opt-in to override that restriction and enable iframe sandboxes to access device sensors if they wish.
I would propose an opt-in mechanism via the sandbox attribute for website owners as follows:
    <iframe src="https://some-cross-origin-page" sandbox="allow-scripts allow-device-sensors"></iframe>
I have created a quick patch for WebKit that enables 'allow-device-sensors' @ https://github.com/WebKit/webkit/compare/master...richtr:iframe-sandbox-allow-device-sensors.
Could we discuss this restriction added to iOS 9.2 and the 'allow-device-sensors' proposal in an open standards forum somewhere? Where should that be?