Summary: It seems we prematurely shipped the .revoke() method on the
Permissions API before it was stable or deciding if we even wanted it in the
platform.
For those that don't know it: navigator.permission.revoke() allows a site to
self-revoke a permission after a user has granted that permission. For example,
a user may grant foo.com access to geolocation, but upon signing out of a site,
a site might call .revoke({name:"geolocation"}) so that the next user to log
into the site doesn't automatically get access to geolocation (as permissions
are bound to origin).
A few folks (who can chime in) working on the standard have raised concerns
about the API, so we would like to suggest we put it behind a pref for now.
Particularly, using in-browser user profiles can handle the above use case
without a site taking away a user's decision.
There is consensus that .query() is beneficial, so that one can remain.
Bug:
https://bugzilla.mozilla.org/show_bug.cgi?id=1295877
Link to standard:
https://w3c.github.io/permissions/#dom-permissions-revoke
Platform coverage: All.
Estimated or target release: Firefox 51
Preference behind which this will be implemented:
dom.permissions.revoke.enable
_______________________________________________
dev-platform mailing list
[email protected]
https://lists.mozilla.org/listinfo/dev-platform
