Add support for time limits for Web API permissions in brave-core
See original GitHub issueCurrently, when requesting a permission, Chromium allows users to say yes or no, w/o an intermediate option.
For example, i can give google maps access to my location forever (or deny), or i can give the zoom web client access to my camera and mic forever (or deny), but there is no option to say “you can use my camera until i close the page” or “you can use my location for 24 hours”.
Options
This issue is to create the ability to grant a page access to a permissioned API for the following options:
- Grant permission, forever (currently available)
- No permission, forever (currently available)
- Permission for this site session (i.e. until there are no more top-level documents for the eTLD+1, to align with ephemeral site storage)
- Permission for
arbitrary amount of time
For 4, we likely wouldn’t want to expose this option to users (I imagine we’d want so preset “one week” or similar options), but the implementation should allow for arbitrary lengths.
Current UI
Currently Brave uses the upstream Chromium options (and UI), which give the user only a permanent Yes or No option.
Other Browsers
Fiirefox
Firefox currently has a version of this for for some permissions. By default, "allow" and "deny" apply for the page, and "Remember this decision" makes the choice permanent.Safari
Safari similarly by default grants permission for the page, with options to make the choice permeant.
Out-of-Scope and Other Considerations
- This issue does not cover the UI to expose these new capabilities to users. UI work is covered in issues https://github.com/brave/brave-browser/issues/14127 (Desktop) and https://github.com/brave/brave-browser/issues/14128 (Android)
- It would be ideal to extend these lifetime’d permissions to extension permissions, but that is separate, come later work
- I expect it may be difficult to surface the lifetime’d permissions in the chrome content settings UI. That would also be ideal, but is also saved for follow up work.
- This issue currently suggests adding “for site session” (in the ephemeral site storage sense). If this ends up being significantly more difficult than the “page session” options Firefox and Safari use, lets change this issue to be “page session” too
Issue Analytics
- State:
- Created 3 years ago
- Comments:19 (16 by maintainers)
Top GitHub Comments
Verification passed on OnePlus 6T with Android 10 running 1.24.81 x64 build
Time Based checks
20 Sec timer - Allow (Camera + Microphone)
20 Sec timer - Block Forever (Camera + Microphone)
Block Forever
adds an entry under blocked list for the siteOrigin-based cases
Origin-based behaviour, multiple tabs (Location)
browserleaks.com/geo
triggers permission promptUntil I close this page
and select allow sets the permission for the page and detects locationBlock Forever
adds the site to blocked listbrowserleaks.com/geo
tab resets the site permission from site settings24-hour / 1-week cases
23 hrs test
25 hrs test
6 Days 12hrs test
8 days Test
Allow/Block forever cases
Allow forever (Location)
https://permission.site
triggers permission promptforever
Block Forever (Notifications)
https://permission.site
triggers permission promptBlock Forever
Consecutive-revocation cases
10 sec repeat permission
--permission-lifetime-test-seconds=10
shows 10 sec option in permission prompthttps://permission.site
workshttps://browserleaks.com/geo
triggers the prompt and set it to 10 sec optionPrivate tab test
Permission on private tabs
Verification passed on Samsung Tab A with Android 10 running 1.24.81 x64 build
Time Based checks
20 Sec timer - Allow (Camera + Microphone)
20 Sec timer - Block Forever (Camera + Microphone)
Block Forever
adds an entry under blocked list for the site <img width=300 src=>Origin-based cases
Origin-based behaviour, multiple tabs (Location)
browserleaks.com/geo
triggers permission promptUntil I close this page
and select allow sets the permission for the page and detects locationBlock Forever
adds the site to blocked listbrowserleaks.com/geo
tab resets the site permission from site settings24-hour / 1-week cases
23 hrs test
25 hrs test
6 Days 12hrs test
8 days Test
Allow/Block forever cases
Allow forever (Location)
https://permission.site
triggers permission promptforever
Block Forever (Notifications)
https://permission.site
triggers permission promptBlock Forever
Consecutive-revocation cases
10 sec repeat permission
--permission-lifetime-test-seconds=10
shows 10 sec option in permission prompthttps://permission.site
workshttps://browserleaks.com/geo
triggers the prompt and set it to 10 sec optionPrivate tab test
Permission on private tabs
Verified
PASSED
usingNOTES (especially for the rest of the @brave/legacy_qa team):
https://permissions.info
will tell you whether a permission previously granted for that site has expired or not, though.brave://settings/content
,brave://settings/content/camera
,brave://settings/content/microphone
,brave://settings/content/location
,brave://settings/content/midi
,brave://settings/content/notifications
and moreLifetime Permissions
viabrave://flags
, since that’s common to nearly all the testcases herehttps://permission.site
to test, of course! if you use that site, be sure you are loading it overHTTPS
, rather thanHTTP
, as many of the tests’ buttons won’t work overHTTP
Time-based cases
20-seconds, Allow permission (
microphone
):--enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
brave://flags
and enable thePermissions Lifetime
flaghttps://permission.site
Microphone
20 seconds
, clickAllow
Continue allowing permission.site to access your microphone
brave://settings/content/microphone
https://permission.site:443
is underAllow
https://permission.site
, confirm that clicking onMicrophone
again re-prompts for permissionsbrave://settings/content/
and confirm there’s nomicrophone
orpermission.site
listed underRecent activity
20-seconds, Allow permission (
camera + microphone
):--enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
brave://flags
and enable thePermissions Lifetime
flaghttps://permission.site
Camera + Microphone
20 seconds
, clickAllow
Camera
-Allow
andMicrophone
-Allow
Camera
norMicrophone
with any values presentOrigin-based cases
Origin-based behavior, multiple tabs (
location
):brave://flags
and enable thePermission Lifetime
flaghulu.com
until I close this page
Allow
brave://settings/content/location
showsAllow
forLocation
Allow
when prompted to install Widevinehulu.com
in another tabbrave://settings/content/location
showsAllow
forLocation
brave://settings/content/location
now showsAsk before accessing (recommended)
and has nothing underBlock
andAllow
Origin-based behavior, leave tab open, restart (
MIDI
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
until I close this page
Allow
brave://settings/content
showspermission.site
withAllowed MIDI devices
brave://settings/content/midiDevices
showsAsk when a site wants to use system exclusive messages to access MIDI MIDI devices
Block
orAllow
https://permission.site/
MIDI
Origin-based behavior, close tab, open new tab (
MIDI
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
MIDI
until I close this page
Allow
brave://settings/content
showspermission.site
withAllowed MIDI devices
permission.site
tabbrave://settings/content/midiDevices
in a new tabBlock
orAllow
https://permission.site/
in a new tabMIDI
24-hour / 1-week cases
24-hours, negative test (25 hours) (
microphone
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
Microphone
for 24 hours
brave://settings/content
showsAllow
forMicrophone
brave://settings/content
showsAsk (default)
forMicrophone
https://permission.site/
Microphone
24-hours positive test (23 hours) (
microphone
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
Microphone
for 24 hours
brave://settings/content
showsAllow
forMicrophone
brave://settings/content
showsAllow
forMicrophone
https://permission.site/
Microphone
1-week, negative test (8 days) (
camera
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
Camera
for 1 week
brave://settings/content
showsAllow
forCamera
brave://settings/content shows "Ask (default)
forCamera
https://permission.site/
Camera
1-week, positive test (
location
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
Location
for 1 week
brave://settings/content
showsAllow
forLocation
brave://settings/content shows
permission.sitewith
Allowed locationunder
Recent activity`https://permission.site/
Location
Allow/Block forever cases
Allow forever (
location
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
Location
forever
brave://settings/content
showsAllow
forLocation
brave://settings/content
showsAllow
forLocation
https://permission.site/
Block forever (
notifications
):brave://flags
and enable thePermission Lifetime
flaghttps://permission.site/
Notifications
Block forever
brave://settings/content
showsBlock
forNotifications
brave://settings/content
showsBlock
for Notificationshttps://permission.site/
Consecutive-revocation cases
Consecutive-revocation permissions (
location
):--enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
brave://flags
and enable thePermissions Lifetime
flaghttps://permission.site
Location
20 seconds
permission.site
in the URL barLocation
is set toAllow
https://browserleaks.com/geo
permissions.site
Location
with any valuebrowserleaks.com/geo
Location
with any valueNegative/current-parity cases
Block (
Auto Download
):--enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
brave://flags
and enable thePermissions Lifetime
flag. restart Brave via command-linehttps://permission.site
Auto Download
Download multiple files
withBlock
andAllow
buttonsBlock
in the dialogCancel
in the file pickerDownload
icon in the URL barContinue blocking automatic downloads of multiple files
chosenbrave://settings/content/automaticDownloads
and confirmhttps://permission.site:443
is under theBlock
sectionbrave://settings/content/
and confirmpermission.site - http
readsBlocked automatic downloads
permission.site
click again onAuto Download
, and confirm nothing happens (no file picker or permissions dialog pop up)Allow (
Auto Download
):--enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
brave://flags
and enable thePermissions Lifetime
flag. restart Brave via command-linehttps://permission.site
Auto Download
Download multiple files
withBlock
andAllow
buttonsAllow
in the dialogCancel
orSave
in the file pickerCancel
orSave
againDownload
icon in the URL barContinue allowing automatic downloads of multiple files
chosenbrave://settings/content/automaticDownloads
and confirmhttps://permission.site:443
is under theAllow
sectionbrave://settings/content/
and confirmpermission.site - http
readsAllowed automatic downloads
permission.site
click again onAuto Download
, and confirm you again get two consecutive file-picker dialogsAllow (
Widevine
):--enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
brave://flags
and enable thePermissions Lifetime
flag. restart Brave via command-linenetflix.com
(or anyWidevine
-using site)Notifications
, when prompted (or just dismiss the dialog)Install and run Widevine
prompt, with a[ ] Don't ask again
checkbox andBlock
andAllow
buttonsAllow
Widevine
Migration (stored prefs)
Block (
Notifications
):1.23.73
, loadpermission.site
in a new profileNotifications
Block
1.24.x
with itbrave://flags
and flipPermission Lifetime
toEnabled
1.24.x
permission.site
Notifications
doesn’t prompt or show notificationsbrave://settings/content/notifications
and confirm thathttps://permission.site:443
is listed underBlock
Allow (
Location
):1.23.73
, loadpermission.site
in a new profileAllow
1.24.x
with itbrave://flags
and flipPermission Lifetime
toEnabled
1.24.x
permission.site
Location
doesn’t prompt or show notificationsbrave://settings/content/location
and confirm thathttps://permission.site:443
is listed underAllow
Continue allowing this site to access your location
Verification passed on
Verified selected test case from above test plan
20-seconds, Allow permission (camera + microphone )
Verified permission prompt was triggered
Verified permissions were granted
Verified permissions were revoked after 20s
Origin-based behavior, multiple tabs (location)
Verified visiting browserleaks.com/geo triggers permission prompt Verified the permission is granted Verified That after closing 1 tab, the permission is still granted Verified closing all the related tabs, clears the permission Verified visiting browserleaks.com/geo again triggers permission prompt
Allow forever (location)
Verified visiting the page triggers permission prompt Verified brave://settings/content for Location shows Allow Verified after 2 months, permission is still granted
24-hours positive test (23 hours) (microphone)
Verified permission prompt was shown and was able to set 24h Verified permission was allowed in brave://settings/content Verified microphone permissions are Allowed for the site after 23h : Verified no prompt was shown for Microphone after 23h
Consecutive-revocation permissions (location)
Verified visiting
permission.site
triggers permission prompt Verified Location is allowed for 20 seconds Verified visitinghttps://browserleaks.com/geo
triggers permission prompt Verified Location is allowed for 20 seconds Verified after 20s the allow permission was revokedUpgrade test from 1.23.x
Verified that in 1.23.x,
Location
was set toBlock
,Notifications
toAllow
Verified that after upgrade the permissions remained the sameVerification passed on
Verified selected test case from above test plan
20-seconds, Allow permission_Normal Tab (camera + microphone )
Verified permission prompt was triggered
Verified permissions were granted
Verified permissions were revoked after 20s
20-seconds, Allow permission_PrivateTab (camera + microphone )
Verified permission prompt was triggered
Verified permissions were granted
Verified permissions were revoked after 20s
20-seconds, Allow permission_TorTab (camera + microphone )
Verified permission prompt was triggered
Verified permissions were granted
Verified permissions were revoked after 20s
Origin-based behavior, multiple tabs (location)
Example
Example
Example
Example
Example
Allow forever (location)
Example
Example
Example
Example
24-hours positive test (23 hours) (microphone)
Verified permission prompt was shown and was able to set 24h
Verified permission was allowed in brave://settings/content
Verified microphone permissions are Allowed for the site after 23h :
Verified no prompt was shown for Microphone after 23h
Consecutive-revocation permissions (location)
Verified visiting
permission.site
triggers permission prompt Verified Location is allowed for 20 seconds Verified visitinghttps://browserleaks.com/geo
triggers permission prompt Verified Location is allowed for 20 seconds Verified after 20s the allow permission was revokedExample
Example
Example
Example
Example
Example
Upgrade test
Blocked
notifications for permission.site and upgraded profile to 1.24.x1.23.x
1.23.x
1.24.x
1.24.x