First visit to permission-using site results in two dialogs
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Ubuntu UX |
New
|
Undecided
|
Unassigned | ||
| trust-store (Ubuntu) |
New
|
Undecided
|
Unassigned | ||
| webbrowser-app (Ubuntu) |
Confirmed
|
Low
|
Unassigned | ||
Bug Description
Ubuntu 15.04 r270
0. Flash the phone.
1. Launch the Browser.
2. Go to maps.google.com.
3. Tap “Allow”.
What happens:
2. A dialog appears, “Permission Request” “This page wants to use your device’s location.” Deny / Allow
3. A dialog appears, “Browser wants to access your current location.” Allow / Don’t Allow
What should happen: Only one dialog appears. Two is ridiculous, especially given their visual differences.
The same appears for other permissions, such as camera and audio.
Possible ways to solve this bug:
* The Browser should something that isn’t a dialog for site-specific permissions, like Firefox does. (This would also have the benefit that a background tab couldn’t steal focus with a permission dialog.)
* The Browser should have every permission by default, on the understanding that it can be trusted to ask per-site.
* trust-store should let any app split permissions into zones granted independently, and Browser should have one zone per Web site.
| Changed in webbrowser-app (Ubuntu): | |
| status: | New → Confirmed |
| importance: | Undecided → Low |
| Olivier Tilloy (osomon) wrote | #2 |
| description: | updated |
| summary: |
- First visit to location-using site results in two dialogs + First visit to permission-using site results in two dialogs |
This is a known issue indeed, thanks for filing a bug to track it and for the proposed solutions. See my comments inline:
> * The Browser should something that isn’t a dialog for site-specific
> permissions, like Firefox does. (This would also have the benefit that
> a background tab couldn’t steal focus with a permission dialog.)
I like that idea, and it would align with what other major browsers do. Added an ubuntu-ux task to get design to comment on it.
> * The Browser should have every permission by default, on the
> understanding that it can be trusted to ask per-site.
This was suggested and requested in the past, but it turned out to be a security concern. Exactly what the problem is was not elaborated on, though.
> * trust-store should let any app split permissions into zones granted
> independently, and Browser should have one zone per Web site.
That’s an interesting suggestion, and it might have useful applications outside of the browser use case. This would require a public API for applications to inform the trust store that a domain/zone has been granted permission, because when the first dialog is shown by the browser, no request to the location service has been issued yet, so the trust store hasn’t been involved yet.