-
Notifications
You must be signed in to change notification settings - Fork 65
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Enable Only for PWA ? #40
Comments
For a variety of reasons we generally don't want to gate entire features behind being an installed PWA. Just having an extra prompt (to install the app) doesn't seem like it would be much of a barrier if most users would click "Yes" anyway (and for filesystem access just clicking "Yes" won't necessarily be enough anyway. Getting access generally involves a file or directory picker where the user has to explicitly pick entries). @dominickng might be able to explain better why guarding entire features behind being an installed PWA doesn't seem like a good idea. |
Gating APIs only to running in PWA mode is undesirable for a number of reasons:
As @mkruisselbrink said, we shouldn't just have a straight prompt to blindly allow filesystem access - the user should have to explicitly choose a directory/file from a picker to grant access to. |
Web Fragmentation is indeed not a desirable thing. Closing as the arguments raised by @dominickng are accurate. |
Reading the current security model I had the same concerns as pointed here Potentially Unwanted Programs Scan
I was wondering if this feature should only be enabled when apps are running in PWA mode ?
My fear is that most users could be tempted to click "Yes" on some websites when the browser prompt to access FileSystem because they aren't exactly aware of what consequences it will have on their system.
Instead , having an app that prompt to be installed first and then prompt for permission to access file system would really raise the user attention and the risk involved with it.
Requiring apps to installed seems coherent in my opinion as most apps that would truly benefits from this feature are productivity based apps , typically the ones showcased on Electron Website.
Those apps generally have been designed with "Desktop" in mind, so forcing PWA would just align with how those applications have been designed while increasing security.
The text was updated successfully, but these errors were encountered: