Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Add support for time limits for Web API permissions in brave-core

See original GitHub issue

Currently, when requesting a permission, Chromium allows users to say yes or no, w/o an intermediate option.

For example, i can give google maps access to my location forever (or deny), or i can give the zoom web client access to my camera and mic forever (or deny), but there is no option to say “you can use my camera until i close the page” or “you can use my location for 24 hours”.

Options

This issue is to create the ability to grant a page access to a permissioned API for the following options:

  1. Grant permission, forever (currently available)
  2. No permission, forever (currently available)
  3. Permission for this site session (i.e. until there are no more top-level documents for the eTLD+1, to align with ephemeral site storage)
  4. Permission for arbitrary amount of time

For 4, we likely wouldn’t want to expose this option to users (I imagine we’d want so preset “one week” or similar options), but the implementation should allow for arbitrary lengths.

Current UI

Currently Brave uses the upstream Chromium options (and UI), which give the user only a permanent Yes or No option. Screen Shot 2021-02-11 at 8 19 15 PM

Other Browsers

Fiirefox

Screen Shot 2021-02-11 at 8 10 07 PM Screen Shot 2021-02-11 at 8 12 16 PM Firefox currently has a version of this for for some permissions. By default, "allow" and "deny" apply for the page, and "Remember this decision" makes the choice permanent.

Safari

Safari similarly by default grants permission for the page, with options to make the choice permeant. Screen Shot 2021-02-11 at 8 13 49 PM Screen Shot 2021-02-11 at 8 14 41 PM

Out-of-Scope and Other Considerations

  • This issue does not cover the UI to expose these new capabilities to users. UI work is covered in issues https://github.com/brave/brave-browser/issues/14127 (Desktop) and https://github.com/brave/brave-browser/issues/14128 (Android)
  • It would be ideal to extend these lifetime’d permissions to extension permissions, but that is separate, come later work
  • I expect it may be difficult to surface the lifetime’d permissions in the chrome content settings UI. That would also be ideal, but is also saved for follow up work.
  • This issue currently suggests adding “for site session” (in the ephemeral site storage sense). If this ends up being significantly more difficult than the “page session” options Firefox and Safari use, lets change this issue to be “page session” too

Issue Analytics

  • State:closed
  • Created 3 years ago
  • Comments:19 (16 by maintainers)

github_iconTop GitHub Comments

2reactions
srirambvcommented, Apr 30, 2021
Verification passed on OnePlus 6T with Android 10 running 1.24.81 x64 build

Time Based checks

20 Sec timer - Allow (Camera + Microphone)
  • Verified passing argument to set permission timer to 20 sec shows up as an option
  • Verified selecting 20 sec option and allow enables the Camera + Microphone on the site and system notification shows up
  • Verified site is added under allow list for both Camera + Microphone
  • Verified after 20 sec the site permissions are removed automatically
  • Verified reloading the page and selecting Camera on the page triggers the permission prompt again
20 Sec option Select 20 sec timer Site requesting permission Site added to allow list
image image image image
20 Sec timer - Block Forever (Camera + Microphone)
  • Verified setting permission to Block Forever adds an entry under blocked list for the site

Origin-based cases

Origin-based behaviour, multiple tabs (Location)
  • Verified visiting browserleaks.com/geo triggers permission prompt
  • Verified selecting Until I close this page and select allow sets the permission for the page and detects location
  • Verified visiting permission.site on a second tab and selecting location triggers prompt
  • Verified selecting Block Forever adds the site to blocked list
  • Verified site settings shows both sites under allowed/blocked respectively
  • Verified closing browserleaks.com/geo tab resets the site permission from site settings
  • Verified revisiting the page on a new tab triggers the prompt again

24-hour / 1-week cases

23 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 23hrs and reloading the page/opening in a new tab doesn’t trigger the permission prompt
25 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 25hrs and reloading the page/opening in a new tab trigger the permission prompt
6 Days 12hrs test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 6 days & 12 hrs ahead and reloading the page/opening in a new tab doesn’t trigger the permission prompt
8 days Test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 8days and reloading the page/opening in a new tab trigger the permission prompt

Allow/Block forever cases

Allow forever (Location)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to forever
  • Verified reloading the page doesn’t trigger the prompt
  • Verified site settings adds the site to allow list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn’t trigger the notification
Block Forever (Notifications)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to Block Forever
  • Verified site settings adds the site to block list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn’t trigger the notification

Consecutive-revocation cases

10 sec repeat permission
  • Verified launching with command line --permission-lifetime-test-seconds=10 shows 10 sec option in permission prompt
  • Verified setting the prompt for 10 sec on https://permission.site works
  • Opening a new tab and visiting https://browserleaks.com/geo triggers the prompt and set it to 10 sec option
  • Wait for 10sec and navigate back to permission site via bottom toolbar swipe prompts again to set permission
  • Swipe back to browserleaks tab prompts on that page as well

Private tab test

Permission on private tabs
  • Verified permission prompt shows up on private tab as well
  • Verified setting persmisson forever works on private tab
  • Verified closing the private tab and opening a new one and visiting the same page triggers the permission prompt
  • Verified during an active session, setting permisson on private tab is only valid for the session
  • Verified during an active session, setting permission forever and opening the same page on normal tab still prompts for permission setting
  • Verified clearing site setting via clear data resets all permissions set on any page
Verification passed on Samsung Tab A with Android 10 running 1.24.81 x64 build

Time Based checks

20 Sec timer - Allow (Camera + Microphone)
  • Verified passing argument to set permission timer to 20 sec shows up as an option
  • Verified selecting 20 sec option and allow enables the Camera + Microphone on the site and system notification shows up
  • Verified site is added under allow list for both Camera + Microphone
  • Verified after 20 sec the site permissions are removed automatically
  • Verified reloading the page and selecting Camera on the page triggers the permission prompt again
20 Sec option Select 20 sec timer Site requesting permission Site added to allow list
20 Sec timer - Block Forever (Camera + Microphone)
  • Verified setting permission to Block Forever adds an entry under blocked list for the site <img width=300 src=>

Origin-based cases

Origin-based behaviour, multiple tabs (Location)
  • Verified visiting browserleaks.com/geo triggers permission prompt
  • Verified selecting Until I close this page and select allow sets the permission for the page and detects location
  • Verified visiting permission.site on a second tab and selecting location triggers prompt
  • Verified selecting Block Forever adds the site to blocked list
  • Verified site settings shows both sites under allowed/blocked respectively
  • Verified closing browserleaks.com/geo tab resets the site permission from site settings
  • Verified revisiting the page on a new tab triggers the prompt again

24-hour / 1-week cases

23 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 23hrs and reloading the page/opening in a new tab doesn’t trigger the permission prompt
25 hrs test
  • Verified allowing permission on a site for 24hrs works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 25hrs and reloading the page/opening in a new tab trigger the permission prompt
6 Days 12hrs test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 6 days & 12 hrs ahead and reloading the page/opening in a new tab doesn’t trigger the permission prompt
8 days Test
  • Verified allowing permission on a site for 1 week works fine
  • Verified restarting the browser and loading the page doesn’t trigger permission prompt
  • Verified moving device date ahead to 8days and reloading the page/opening in a new tab trigger the permission prompt

Allow/Block forever cases

Allow forever (Location)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to forever
  • Verified reloading the page doesn’t trigger the prompt
  • Verified site settings adds the site to allow list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn’t trigger the notification
Block Forever (Notifications)
  • Verified selecting location on https://permission.site triggers permission prompt
  • Verified able to set the permission to Block Forever
  • Verified site settings adds the site to block list
  • Verified moving device date ahead by a month and revisiting the page in a new tab doesn’t trigger the notification

Consecutive-revocation cases

10 sec repeat permission
  • Verified launching with command line --permission-lifetime-test-seconds=10 shows 10 sec option in permission prompt
  • Verified setting the prompt for 10 sec on https://permission.site works
  • Opening a new tab and visiting https://browserleaks.com/geo triggers the prompt and set it to 10 sec option
  • Wait for 10sec and navigate back to permission site via bottom toolbar swipe prompts again to set permission
  • Swipe back to browserleaks tab prompts on that page as well

Private tab test

Permission on private tabs
  • Verified permission prompt shows up on private tab as well
  • Verified setting persmisson forever works on private tab
  • Verified closing the private tab and opening a new one and visiting the same page triggers the permission prompt
  • Verified during an active session, setting permisson on private tab is only valid for the session
  • Verified during an active session, setting permission forever and opening the same page on normal tab still prompts for permission setting
  • Verified clearing site setting via clear data resets all permissions set on any page
2reactions
stephendonnercommented, May 4, 2021

Verified PASSED using

Brave 1.24.75 Chromium: 90.0.4430.85 (Official Build) beta (x86_64)
Revision 5bc145d831c180d9ff94f29a0d7a2e1cbd30ef36-refs/branch-heads/4430@{#1311}
OS macOS Version 11.3 (Build 20E232)

NOTES (especially for the rest of the @brave/legacy_qa team):

  1. keep in mind you will encounter https://github.com/brave/brave-browser/issues/15473 (and state-related variants); window and tab state aren’t updated dynamically, often (I might be filing more bugs, feel free to do so as well, of course). for shorter lifetimes, clicking on the buttons on https://permissions.info will tell you whether a permission previously granted for that site has expired or not, though.
  2. not all steps are represented with screenshots, for brevity; especially, often, the final step, which is typically just a re-hash of the first step, which already has an included screenshot
  3. use your best judgement re: steps and screenshots - there are multiple ways to verify the permissions’ lifetimes are accurate throughout the UI (lock-icon flyout in the URL bar, brave://settings/content, brave://settings/content/camera, brave://settings/content/microphone, brave://settings/content/location, brave://settings/content/midi, brave://settings/content/notifications and more
  4. some screenshots are included as part of extra verification/alternate steps you might want to take to verify – particularly of the lock-icon flyout w/permissions, as I’ve tried to vary a few of the places to check (as there are more than one) the permissions
  5. I purposefully also omitted the repeated posting of a screenshot for the initial step to enable Lifetime Permissions via brave://flags, since that’s common to nearly all the testcases here
  6. you may and are encouraged to use sites other than https://permission.site to test, of course! if you use that site, be sure you are loading it over HTTPS, rather than HTTP, as many of the tests’ buttons won’t work over HTTP

Time-based cases

20-seconds, Allow permission (microphone):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag
  3. restart Brave via command-line
  4. load https://permission.site
  5. click on Microphone
  6. Give permission for 20 seconds, click Allow
  7. click on the microphone icon in the URL bar
  8. confirm it reads Continue allowing permission.site to access your microphone
  9. open brave://settings/content/microphone
  10. confirm that https://permission.site:443 is under Allow
  11. wait until the remainder of the original 20 seconds passes
  12. on https://permission.site, confirm that clicking on Microphone again re-prompts for permissions
  13. open a tab with brave://settings/content/ and confirm there’s no microphone or permission.site listed under Recent activity
example example example example example
Screen Shot 2021-04-26 at 3 05 07 PM Screen Shot 2021-04-26 at 3 05 19 PM Screen Shot 2021-04-26 at 3 05 45 PM Screen Shot 2021-04-26 at 3 05 51 PM Screen Shot 2021-04-26 at 3 06 52 PM

20-seconds, Allow permission (camera + microphone):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag
  3. restart Brave via command-line
  4. load https://permission.site
  5. click on Camera + Microphone
  6. Give permission for 20 seconds, click Allow
  7. click on the lock icon in the URL bar
  8. confirm the popup shows Camera - Allow and Microphone - Allow
  9. wait the remainder of the 20 seconds
  10. click on the lock icon again
  11. confirm the popup no longer has Camera nor Microphone with any values present
example example example
Screen Shot 2021-04-26 at 3 10 09 PM Screen Shot 2021-04-26 at 3 10 17 PM Screen Shot 2021-04-26 at 3 10 36 PM

Origin-based cases

Origin-based behavior, multiple tabs (location):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load hulu.com
  4. log in
  5. Give permission until I close this page
  6. click Allow
  7. confirm brave://settings/content/location shows Allow for Location
  8. click Allow when prompted to install Widevine
  9. play a video
  10. open hulu.com in another tab
  11. play a video
  12. close either of the two open tabs
  13. confirm brave://settings/content/location shows Allow for Location
  14. close the remaining tab
  15. confirm brave://settings/content/location now shows Ask before accessing (recommended) and has nothing under Block and Allow
example example example example example example
Screen Shot 2021-04-26 at 3 12 58 PM Screen Shot 2021-04-26 at 3 13 08 PM Screen Shot 2021-04-26 at 3 13 14 PM Screen Shot 2021-04-26 at 3 15 43 PM Screen Shot 2021-04-26 at 3 16 03 PM Screen Shot 2021-04-26 at 3 16 15 PM

Origin-based behavior, leave tab open, restart (MIDI):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on MIDI
  5. Give permission until I close this page
  6. click Allow
  7. confirm brave://settings/content shows permission.site with Allowed MIDI devices
  8. leave tab open
  9. restart Brave
  10. confirm brave://settings/content/midiDevices shows Ask when a site wants to use system exclusive messages to access MIDI MIDI devices
  11. confirm there’s no sites under Block or Allow
  12. load https://permission.site/
  13. click on MIDI
  14. confirm you now get prompted for permission
example example example example example
Screen Shot 2021-04-26 at 3 22 52 PM Screen Shot 2021-04-26 at 3 23 01 PM Screen Shot 2021-04-26 at 3 23 08 PM Screen Shot 2021-04-26 at 3 23 17 PM Screen Shot 2021-04-26 at 3 23 55 PM

Origin-based behavior, close tab, open new tab (MIDI):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on MIDI
  5. Give permission until I close this page
  6. click Allow
  7. confirm brave://settings/content shows permission.site with Allowed MIDI devices
  8. close permission.site tab
  9. open brave://settings/content/midiDevices in a new tab
  10. confirm there are no permissions or sites listed under Block or Allow
  11. open https://permission.site/ in a new tab
  12. click on MIDI
  13. confirm you get prompted for permission
example example example
Screen Shot 2021-04-26 at 3 30 54 PM Screen Shot 2021-04-26 at 3 31 06 PM Screen Shot 2021-04-26 at 3 33 04 PM

24-hour / 1-week cases

24-hours, negative test (25 hours) (microphone):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Microphone
  5. give permission for 24 hours
  6. confirm brave://settings/content shows Allow for Microphone
  7. shut down Brave
  8. set system clock forward by 25 hours
  9. confirm brave://settings/content shows Ask (default) for Microphone
  10. load https://permission.site/
  11. confirm you get re-prompted for microphone permissions when clicking on Microphone
example example example example
Screen Shot 2021-04-26 at 3 40 02 PM Screen Shot 2021-04-26 at 3 37 33 PM Screen Shot 2021-04-26 at 3 37 52 PM Screen Shot 2021-04-26 at 3 43 22 PM

24-hours positive test (23 hours) (microphone):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Microphone
  5. give permission for 24 hours
  6. confirm brave://settings/content shows Allow for Microphone
  7. shut down Brave
  8. set system clock forward by 23 hours
  9. confirm brave://settings/content shows Allow for Microphone
  10. load https://permission.site/
  11. confirm you do NOT get re-prompted for microphone permissions when clicking on Microphone
example example example example
Screen Shot 2021-04-27 at 2 44 21 PM Screen Shot 2021-04-27 at 2 44 29 PM Screen Shot 2021-04-27 at 2 44 43 PM Screen Shot 2021-04-27 at 2 45 17 PM

1-week, negative test (8 days) (camera):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Camera
  5. give permission for 1 week
  6. confirm brave://settings/content shows Allow for Camera
  7. shut down Brave
  8. set system clock forward by 8 days
  9. confirm brave://settings/content shows "Ask (default) for Camera
  10. load https://permission.site/
  11. confirm you get re-prompted for microphone permissions when clicking on Camera
example example example example
Screen Shot 2021-04-26 at 4 04 49 PM Screen Shot 2021-04-26 at 4 07 43 PM Screen Shot 2021-05-04 at 4 07 48 PM Screen Shot 2021-05-04 at 4 07 58 PM

1-week, positive test (location):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Location
  5. give permission for 1 week
  6. confirm brave://settings/content shows Allow for Location
  7. shut down Brave
  8. set system clock forward by 6 days
  9. confirm brave://settings/content shows permission.sitewithAllowed locationunderRecent activity`
  10. load https://permission.site/
  11. confirm you do NOT get re-prompted for location permissions when clicking on Location
example example example example example
Screen Shot 2021-04-26 at 3 55 30 PM Screen Shot 2021-04-26 at 3 55 42 PM Screen Shot 2021-04-26 at 3 56 21 PM Screen Shot 2021-05-02 at 3 56 38 PM Screen Shot 2021-05-02 at 3 57 29 PM

Allow/Block forever cases

Allow forever (location):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Location
  5. give permission forever
  6. confirm brave://settings/content shows Allow for Location
  7. shut down Brave
  8. set system clock forward by 2 months
  9. confirm brave://settings/content shows Allow for Location
  10. load https://permission.site/
  11. confirm you get do NOT get reprompted for Location
example example example example example
Screen Shot 2021-04-26 at 4 20 21 PM Screen Shot 2021-04-26 at 4 20 43 PM Screen Shot 2021-04-26 at 4 21 15 PM Screen Shot 2021-06-26 at 4 22 43 PM Screen Shot 2021-06-26 at 4 22 50 PM

Block forever (notifications):

  1. load brave://flags and enable the Permission Lifetime flag
  2. restart Brave
  3. load https://permission.site/
  4. click on Notifications
  5. click on Block forever
  6. confirm brave://settings/content shows Block for Notifications
  7. shut down Brave
  8. set system clock forward by 3 months
  9. confirm brave://settings/content shows Block for Notifications
  10. load https://permission.site/
  11. confirm you get do NOT get reprompted for Notifications
example example example example
Screen Shot 2021-04-26 at 4 34 13 PM Screen Shot 2021-06-26 at 4 37 58 PM Screen Shot 2021-04-26 at 4 34 53 PM Screen Shot 2021-06-26 at 4 35 29 PM

Consecutive-revocation cases

Consecutive-revocation permissions (location):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag
  3. restart Brave via command-line
  4. load https://permission.site
  5. click on Location
  6. give permission for 20 seconds
  7. click on the lock icon next to permission.site in the URL bar
  8. confirm Location is set to Allow
  9. wait 10 seconds
  10. open https://browserleaks.com/geo
  11. give permission for 20 seconds
  12. return to permissions.site
  13. click on the lock icon; confirm you no longer see Location with any value
  14. return to browserleaks.com/geo
  15. click on the lock icon; confirm you no longer see Location with any value
example example example example example
Screen Shot 2021-04-26 at 2 56 02 PM Screen Shot 2021-04-26 at 2 56 07 PM Screen Shot 2021-04-26 at 2 56 27 PM Screen Shot 2021-04-26 at 2 56 41 PM Screen Shot 2021-04-26 at 2 56 52 PM

Negative/current-parity cases

Block (Auto Download):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag. restart Brave via command-line
  3. load https://permission.site
  4. click on Auto Download
  5. verify a file picker is invoked, as well as a permissions request to Download multiple files with Block and Allow buttons
  6. click on Block in the dialog
  7. click Cancel in the file picker
  8. click on the Download icon in the URL bar
  9. confirm you see Continue blocking automatic downloads of multiple files chosen
  10. load brave://settings/content/automaticDownloads and confirm https://permission.site:443 is under the Block section
  11. load brave://settings/content/ and confirm permission.site - http reads Blocked automatic downloads
  12. on permission.site click again on Auto Download, and confirm nothing happens (no file picker or permissions dialog pop up)
example example example
Screen Shot 2021-04-26 at 2 53 02 PM Screen Shot 2021-04-26 at 2 53 11 PM Screen Shot 2021-04-26 at 2 53 15 PM

Allow (Auto Download):

  1. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  2. load brave://flags and enable the Permissions Lifetime flag. restart Brave via command-line
  3. load https://permission.site
  4. click on Auto Download
  5. verify a file picker is invoked, as well as a permissions request to Download multiple files with Block and Allow buttons
  6. click on Allow in the dialog
  7. click either Cancel or Save in the file picker
  8. confirm you get prompted another time, and choose either Cancel or Save again
  9. click on the Download icon in the URL bar
  10. confirm you see Continue allowing automatic downloads of multiple files chosen
  11. load brave://settings/content/automaticDownloads and confirm https://permission.site:443 is under the Allow section
  12. load brave://settings/content/ and confirm permission.site - http reads Allowed automatic downloads
  13. on permission.site click again on Auto Download, and confirm you again get two consecutive file-picker dialogs
example example example example
Screen Shot 2021-04-26 at 2 49 59 PM Screen Shot 2021-04-26 at 2 50 10 PM Screen Shot 2021-04-26 at 2 50 14 PM Screen Shot 2021-04-26 at 2 50 21 PM

Allow (Widevine):

  1. new profile
  2. launch Brave using --enable-logging=stderr --vmodule="*/bat-native-ledger/*"=6,"*/brave_rewards/*"=6,"*/bat-native-ads/*"=6,"*/bat-native-confirmations/*"=6,"*/brave_ads/*"=9,"*/brave_user_model/*"=6 --permission-lifetime-test-seconds=20
  3. load brave://flags and enable the Permissions Lifetime flag. restart Brave via command-line
  4. load netflix.com (or any Widevine-using site)
  5. log in
  6. choose any value for Notifications, when prompted (or just dismiss the dialog)
  7. confirm you see an Install and run Widevine prompt, with a [ ] Don't ask again checkbox and Block and Allow buttons
  8. click Allow
  9. confirm you can play a media title
  10. relaunch Brave
  11. play any title and confirm you are not re-prompted for Widevine
example example example
Screen Shot 2021-04-26 at 10 12 58 PM Screen Shot 2021-04-26 at 10 13 35 PM Screen Shot 2021-04-26 at 10 14 37 PM

Migration (stored prefs)

Block (Notifications):

  1. using release build 1.23.73, load permission.site in a new profile
  2. click on Notifications
  3. click Block
  4. shut down
  5. copy your profile over and launch 1.24.x with it
  6. load brave://flags and flip Permission Lifetime to Enabled
  7. restart Brave 1.24.x
  8. load permission.site
  9. confirm that clicking on Notifications doesn’t prompt or show notifications
  10. load brave://settings/content/notifications and confirm that https://permission.site:443 is listed under Block
example example
Screen Shot 2021-04-26 at 2 44 20 PM Screen Shot 2021-04-26 at 2 40 20 PM

Allow (Location):

  1. using Brave release build 1.23.73, load permission.site in a new profile
  2. click on Location
  3. click Allow
  4. shut down
  5. copy your profile over and launch 1.24.x with it
  6. load brave://flags and flip Permission Lifetime to Enabled
  7. restart Brave 1.24.x
  8. load permission.site
  9. confirm that clicking on Location doesn’t prompt or show notifications
  10. load brave://settings/content/location and confirm that https://permission.site:443 is listed under Allow
  11. click on the dropped-pin icon in the URL bar and confirm it says Continue allowing this site to access your location
example example
Screen Shot 2021-04-26 at 2 36 59 PM Screen Shot 2021-04-26 at 2 37 13 PM

Verification passed on

Brave 1.24.81 Chromium: 90.0.4430.93 (Official Build) (64-bit)
Revision 4df112c29cfe9a2c69b14195c0275faed4e997a7-refs/branch-heads/4430@{#1348}
OS Ubuntu 18.04 LTS

Verified selected test case from above test plan

20-seconds, Allow permission (camera + microphone )

Verified permission prompt was triggered image

Verified permissions were granted image

Verified permissions were revoked after 20s image

Origin-based behavior, multiple tabs (location)

Verified visiting browserleaks.com/geo triggers permission prompt image Verified the permission is granted image image Verified That after closing 1 tab, the permission is still granted image Verified closing all the related tabs, clears the permission image Verified visiting browserleaks.com/geo again triggers permission prompt image

Allow forever (location)

Verified visiting the page triggers permission prompt image Verified brave://settings/content for Location shows Allow image Verified after 2 months, permission is still granted image image

24-hours positive test (23 hours) (microphone)

Verified permission prompt was shown and was able to set 24h image Verified permission was allowed in brave://settings/content image image Verified microphone permissions are Allowed for the site after 23h : image Verified no prompt was shown for Microphone after 23h image

Consecutive-revocation permissions (location)

Verified visiting permission.site triggers permission prompt image Verified Location is allowed for 20 seconds image Verified visiting https://browserleaks.com/geo triggers permission prompt image Verified Location is allowed for 20 seconds image Verified after 20s the allow permission was revoked image image

Upgrade test from 1.23.x

Verified that in 1.23.x, Location was set to Block, Notifications to Allow image Verified that after upgrade the permissions remained the same image image

Verification passed on

Brave | 1.24.82 Chromium: 90.0.4430.93 (Official Build) (64-bit)
-- | --
Revision | 4df112c29cfe9a2c69b14195c0275faed4e997a7-refs/branch-heads/4430@{#1348}
OS | Windows 10 OS Version 2004 (Build 19041.928)

Verified selected test case from above test plan

20-seconds, Allow permission_Normal Tab (camera + microphone )

Verified permission prompt was triggered image

Verified permissions were granted image

Verified permissions were revoked after 20s image

20-seconds, Allow permission_PrivateTab (camera + microphone )

Verified permission prompt was triggered image

Verified permissions were granted image

Verified permissions were revoked after 20s image

20-seconds, Allow permission_TorTab (camera + microphone )

Verified permission prompt was triggered image

Verified permissions were granted image

Verified permissions were revoked after 20s image

Origin-based behavior, multiple tabs (location)
  • Verified visiting browserleaks.com/geo triggers permission prompt
  • Verified the permission is granted
  • Verified That after closing 1 tab, the permission is still granted
  • Verified closing all the related tabs, clears the permission
  • Verified visiting browserleaks.com/geo again triggers permission prompt
Example Example Example Example Example
image image image image image
Allow forever (location)
  • Verified visiting the page triggers permission prompt
  • Verified brave://settings/content for Location shows Allow
  • Verified after 2 months, permission is still granted
Example Example Example Example
image image image image
24-hours positive test (23 hours) (microphone)

Verified permission prompt was shown and was able to set 24h image image

Verified permission was allowed in brave://settings/content image image

Verified microphone permissions are Allowed for the site after 23h : image

Verified no prompt was shown for Microphone after 23h image

Consecutive-revocation permissions (location)

Verified visiting permission.site triggers permission prompt Verified Location is allowed for 20 seconds Verified visiting https://browserleaks.com/geo triggers permission prompt Verified Location is allowed for 20 seconds Verified after 20s the allow permission was revoked

Example Example Example Example Example Example
image image image image image image
Upgrade test
  • Installed 1.23.x and Blocked notifications for permission.site and upgraded profile to 1.24.x
  • Ensured that permission.site is in blocked list in brave://settings/content/notifications
  • Ensured that notifications remained blocked in 1.24.x
1.23.x 1.23.x 1.24.x 1.24.x
image image image image
Read more comments on GitHub >

github_iconTop Results From Across the Web

Quickstart: Configure a client application to access a web API
Select Azure Active Directory > App registrations, and then select your client application. Select API permissions > Add a permission > ...
Read more >
Using the Permissions API - MDN Web Docs
The Permissions API provides the tools to allow developers to implement a better user ... More features will be added as time progresses....
Read more >
chrome.declarativeNetRequest - Chrome Developers
An extension can add or remove rules dynamically using the updateDynamicRules and the updateSessionRules API methods. Rules added using the updateDynamicRules ...
Read more >
How to block sites from requesting Idle Detection API ... - gHacks
The default setting is set to "ask", which means that sites will request permission from the user each time a site is visited....
Read more >
brave-core: components/permissions ... - Fossies
It tries to block ads and website trackers but displays optionally privacy-respecting advertisements to earn BAT tokens which can be spent to preferred ......
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Change permission UI on Desktop to enable / expose "permission until X" ability

Next page

crash can occur when clicking on the rewards icon (particularly if BAP popup is displayed)