[Webkit-unassigned] [Bug 221399] New: DeviceMotionEvent.requestPermission is not a function in iframe-hosted cross-origin pages, even with feature policy and allow attributes set
bugzilla-daemon at webkit.org
bugzilla-daemon at webkit.org
Thu Feb 4 04:22:20 PST 2021
https://bugs.webkit.org/show_bug.cgi?id=221399
Bug ID: 221399
Summary: DeviceMotionEvent.requestPermission is not a function
in iframe-hosted cross-origin pages, even with feature
policy and allow attributes set
Product: WebKit
Version: Safari 14
Hardware: All
OS: All
Status: NEW
Severity: Critical
Priority: P2
Component: Frames
Assignee: webkit-unassigned at lists.webkit.org
Reporter: will.morgan at iproov.com
Created attachment 419269
--> https://bugs.webkit.org/attachment.cgi?id=419269&action=review
Safari gyroscope iframe permission problem
Using iOS 14, DeviceMotionEvent.requestPermission does not exist in documents that are hosted within a cross-origin iframe, even if feature policy is set.
This seems to be because the gyroscope capability of Safari isn't yet supported, as documented on MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Feature_Policy
To replicate, please:
1. See the attached reproduction or https://storage.cloud.google.com/public-demo/safarigyro.html
2. Navigate to the page using Safari, preferably on a device with a gyroscope, like an iPhone or iPad.
3. Observe that DeviceMotionEvent.requestPermission works correctly on the hosting page.
4. Observe that even though the gyroscope property is set per the Feature-Policy (Permissions-Policy?), the clicking the iframe'd button triggers an error.
This currently affects anyone wanting to integrate apps that use device motion in an iframe, which is a proven, reasonable and ubiquitous integration method for web apps wanting to compose their own user experiences with tools from other vendors.
There is no satisfactory workaround for the above issue. Any consenting web application cannot prompt their users to request gyroscope permissions, therefore device motion is broken in iframes.
--
You are receiving this mail because:
You are the assignee for the bug.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-unassigned/attachments/20210204/ba1f6dbf/attachment.htm>
More information about the webkit-unassigned
mailing list