Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Dialog added to ask permissions for webpage #11034

Merged
merged 1 commit into from
Sep 16, 2020
Merged

Conversation

vkjr
Copy link
Contributor

@vkjr vkjr commented Aug 4, 2020

fixes #TBD

Summary

Followup on #11028
On privacy and security page new toggle added "Webview camera permissions request".
When it DISABLED and some page wants camera access - user gets notification that access was blocked.
When it ENABLED and some page wants camera access - user asked if he wants to allow access.

Screenshot 2020-09-10 at 08 52 40

Screenshot 2020-09-10 at 08 52 26

Platforms

  • Android

Areas that maybe impacted

Web browsing

Steps to test

  • Test 1

  • Test 2

    • Go to Privacy and Security page, enable webview camera permission request toggle
    • open chat that contains link https://fatal0.netlify.com/android/webviewvideo.html
    • click the link
    • make sure app asks if you want to deny/allow access request
    • press "Deny", make sure that picture from camera didn't appear on the page
  • Test 3

    • open chat that contains link https://fatal0.netlify.com/android/webviewvideo.html
    • click the link again
    • make sure app asks if you want to deny/allow access request
    • press "Allow", make sure that picture from camera did appear on the page. If camera access wasn't yet provided by system, you will have an additional system permission request.

status: wip

@vkjr vkjr requested a review from a team as a code owner August 4, 2020 13:32
@vkjr vkjr self-assigned this Aug 4, 2020
@vkjr vkjr changed the title Fix/webview behavior Dialog added to ask permissions for webpage Aug 4, 2020
@flexsurfer
Copy link
Member

@vkjr do we give permissions per domain? or for webview and all domains? I would deny any permissions for webview for now

@vkjr
Copy link
Contributor Author

vkjr commented Aug 4, 2020

@flexsurfer, as far as I understood WebView requests for permissions every time when page tries to invoke related js code, for example call navigator.mediaDevices.getUserMedia. So even if you gave permission once, after page reload it will ask you again.

@status-im-auto
Copy link
Member

status-im-auto commented Aug 4, 2020

Jenkins Builds

Click to see older builds (24)
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ fbdaa17 #2 2020-08-04 15:13:03 ~8 min android 📦apk 📲
✔️ fbdaa17 #2 2020-08-04 15:20:07 ~15 min ios 📦ipa 📲
✔️ fbdaa17 #2 2020-08-04 19:47:08 ~8 min android-e2e 📦apk 📲
✖️ 196579b #3 2020-09-08 09:47:36 ~12 min android 📦apk 📲
✖️ 196579b #3 2020-09-08 09:47:36 ~12 min android-e2e 📦apk 📲
✖️ 196579b #3 2020-09-08 09:49:50 ~14 min ios 📦ipa 📲
92bf239 #4 2020-09-10 10:50:23 ~16 sec android-e2e 📄log
92bf239 #4 2020-09-10 10:50:29 ~20 sec android 📄log
92bf239 #4 2020-09-10 10:50:32 ~21 sec ios 📄log
afc494d #5 2020-09-10 10:52:00 ~10 sec android-e2e 📄log
afc494d #5 2020-09-10 10:52:02 ~10 sec android 📄log
afc494d #5 2020-09-10 10:52:04 ~11 sec ios 📄log
eeb26a8 #6 2020-09-10 16:48:06 ~13 sec android 📄log
eeb26a8 #6 2020-09-10 16:48:07 ~12 sec ios 📄log
eeb26a8 #6 2020-09-10 16:48:13 ~22 sec android-e2e 📄log
✔️ 001c97b #7 2020-09-10 17:05:30 ~11 min android 📦apk 📲
✔️ 001c97b #7 2020-09-10 17:07:13 ~13 min android-e2e 📦apk 📲
✔️ 001c97b #7 2020-09-10 17:11:22 ~17 min ios 📦ipa 📲
✔️ 998d36e #8 2020-09-14 09:02:48 ~8 min android-e2e 📦apk 📲
✔️ 998d36e #8 2020-09-14 09:04:21 ~10 min android 📦apk 📲
✔️ 998d36e #8 2020-09-14 09:08:29 ~14 min ios 📦ipa 📲
✖️ f9dfd53 #9 2020-09-14 17:16:58 ~8 min android-e2e 📦apk 📲
✖️ f9dfd53 #9 2020-09-14 17:18:37 ~10 min android 📦apk 📲
✖️ f9dfd53 #9 2020-09-14 17:23:11 ~14 min ios 📦ipa 📲
Commit #️⃣ Finished (UTC) Duration Platform Result
✔️ dc3bb64 #10 2020-09-14 17:33:13 ~8 min android 📦apk 📲
✔️ dc3bb64 #10 2020-09-14 17:34:23 ~9 min android-e2e 📦apk 📲
✔️ dc3bb64 #10 2020-09-14 17:39:03 ~14 min ios 📦ipa 📲
✔️ a555e44 #11 2020-09-16 09:08:17 ~16 min android-e2e 📦apk 📲
✔️ a555e44 #11 2020-09-16 09:08:19 ~16 min android 📦apk 📲
✔️ a555e44 #11 2020-09-16 09:11:54 ~19 min ios 📦ipa 📲

@vkjr
Copy link
Contributor Author

vkjr commented Aug 5, 2020

@0kok0, what do you think, should we allow camera/mic access at all?

@status-im-auto
Copy link
Member

100% of end-end tests have passed

Total executed tests: 97
Failed tests: 0
Passed tests: 97

Passed tests (97)

Click to expand
1. test_decline_transactions_in_1_1_chat
Device sessions

2. test_delete_chats_via_delete_button
Device sessions

3. test_can_see_all_transactions_in_history
Device sessions

4. test_install_pack_and_send_sticker
Device sessions

5. test_login_with_new_account
Device sessions

6. test_timestamp_in_chats
Device sessions

7. test_password_in_logcat_sign_in
Device sessions

8. test_logcat_recovering_account
Device sessions

9. test_public_chat_clear_history
Device sessions

10. test_need_help_section
Device sessions

11. test_send_and_open_links
Device sessions

12. test_mobile_data_usage_popup_stop_syncing
Device sessions

13. test_keycard_send_eth_in_1_1_chat
Device sessions

14. test_mobile_data_usage_settings
Device sessions

15. test_create_new_group_chat
Device sessions

16. test_keycard_send_eth_to_ens (TestRail link is not found)
Device sessions

17. test_user_can_switch_network
Device sessions

18. test_mobile_data_usage_popup_continue_syncing
Device sessions

19. test_home_view
Device sessions

20. test_open_google_com_via_open_dapp
Device sessions

21. test_share_contact_code_and_wallet_address
Device sessions

22. test_connection_is_secure
Device sessions

23. test_add_to_contacts
Device sessions

24. test_add_account_to_multiaccount_instance_private_key
Device sessions

25. test_refresh_button_browsing_app_webview
Device sessions

26. test_push_notification_1_1_chat
Device sessions

27. test_keycard_send_two_transactions_one_after_another_in_dapp
Device sessions

28. test_can_add_existing_ens
Device sessions

29. test_transaction_wrong_password_wallet
Device sessions

30. test_public_chat_messaging
Device sessions

31. test_unread_messages_counter_public_chat
Device sessions

32. test_keycard_send_eth_from_wallet_to_address
Device sessions

33. test_keycard_fetching_balance_after_offline
Device sessions

34. test_keycard_send_transaction_from_daap
Device sessions

35. test_text_message_1_1_chat
Device sessions

36. test_can_use_purchased_stickers_on_recovered_account
Device sessions

37. test_open_transaction_on_etherscan
Device sessions

38. test_onboarding_screen_when_requesting_tokens_for_recovered_account
Device sessions

39. test_contact_profile_view
Device sessions

40. test_offline_add_new_group_chat_member
Device sessions

41. test_logcat_backup_recovery_phrase
Device sessions

42. test_can_recover_keycard_account_card_pairing
Device sessions

43. test_start_chat_with_ens
Device sessions

44. test_add_and_remove_contact_from_public_chat
Device sessions

45. test_add_account_to_multiaccount_instance_seed_phrase
Device sessions

46. test_open_blocked_site
Device sessions

47. test_open_chat_by_pasting_public_key
Device sessions

48. test_pair_devices_sync_one_to_one_contacts_public_chat
Device sessions

49. test_keycard_sign_message_from_daap
Device sessions

50. test_send_non_english_message_to_newly_added_contact
Device sessions

51. test_ens_username_recipient
Device sessions

52. test_fetch_more_history_in_empty_chat
Device sessions

53. test_open_public_chat_using_deep_link
Device sessions

54. test_switch_users_and_add_new_account
Device sessions

55. test_add_account_to_multiaccount_instance_generate_new
Device sessions

56. test_copy_contact_code_and_wallet_address
Device sessions

57. test_send_transaction_from_daap
Device sessions

58. test_send_two_transactions_one_after_another_in_dapp
Device sessions

59. test_image_in_one_to_one_send_save_reply
Device sessions

60. test_add_new_keycard_account_and_login
Device sessions

61. test_long_press_delete_clear_all_dapps
Device sessions

62. test_copy_and_paste_messages
Device sessions

63. test_back_forward_buttons_browsing_website
Device sessions

64. test_password_in_logcat_creating_account
Device sessions

65. test_sign_message_from_daap
Device sessions

66. test_dapps_permissions
Device sessions

67. test_request_public_key_status_test_daap
Device sessions

68. test_long_press_to_delete_chat
Device sessions

69. test_log_level_and_fleet
Device sessions

70. test_add_and_delete_watch_only_account_to_multiaccount_instance
Device sessions

71. test_recover_account_from_new_user_seedphrase
Device sessions

72. test_send_transaction_with_custom_token
Device sessions

73. test_send_eth_in_1_1_chat
Device sessions

74. test_send_two_transactions_in_batch_in_dapp
Device sessions

75. test_ens_in_public_and_1_1_chats
Device sessions

76. test_block_user_from_public_chat
Device sessions

77. test_fetching_balance_after_offline
Device sessions

78. test_offline_status
Device sessions

79. test_wallet_set_up
Device sessions

80. test_manage_assets
Device sessions

81. test_offline_messaging_1_1_chat
Device sessions

82. test_account_recovery_with_uppercase_recovery_phrase
Device sessions

83. test_send_token_with_7_decimals
Device sessions

84. test_user_can_see_all_own_assets_after_account_recovering
Device sessions

85. test_pass_phrase_validation
Device sessions

86. test_keycard_can_see_all_transactions_in_history
Device sessions

87. test_keycard_send_two_transactions_in_batch_in_dapp
Device sessions

88. test_send_emoji
Device sessions

89. test_filters_from_daap
Device sessions

90. test_redirect_to_public_chat_tapping_tag_message
Device sessions

91. test_restore_account_from_mnemonic_to_keycard
Device sessions

92. test_send_eth_to_ens_in_chat
Device sessions

93. test_send_eth_from_wallet_to_address
Device sessions

94. test_request_and_receive_stt_in_1_1_chat_offline
Device sessions

95. test_messaging_in_different_networks
Device sessions

96. test_collectible_from_wallet_opens_in_browser_view
Device sessions

97. test_insufficient_funds_wallet_positive_balance
Device sessions

@0kok0
Copy link

0kok0 commented Aug 5, 2020

@vkjr if we add camera/mic permission, we have to take care protecting against permission sniffing/bypass/spoofing/... in webview.

As a user, i would probably expect it to work for example when using some webrtc app, but I would be positively surprised by a message like:
"the website you have visited asked for permission to access your camera/microphone.
By default, the status browser does not grant such permission to any website to protect your privacy.
You can change the default behavior here (link settings/privacy and security)."

If we, by default, disallow it globally, i'd call it a security feature (tor browser does that).
We can still add it if requested by users/dapps. @hesterbruikman wdyt?

@hesterbruikman
Copy link
Contributor

Disable by default makes sense.

It would add a feature in Privacy and security > Privacy
Something like an disable/enable toggle:
Camera access in browser > switched to disable by default

cc @errorists

@vkjr
Copy link
Contributor Author

vkjr commented Aug 6, 2020

@hesterbruikman, maybe switch like Allow browser request camera/mic permissions? I think we shouldn't have a switch that automatically allows camera on ANY site.

@errorists
Copy link
Contributor

I believe it should always ask you for a permission without a permanent switch. Maybe whitelisting domains, but even then I'd have a time limit like Allow from XYZ for the next 24 hours

Screenshot 2020-08-06 at 08 48 23

@0kok0
Copy link

0kok0 commented Aug 6, 2020

@hesterbruikman, maybe switch like Allow browser request camera/mic permissions? I think we shouldn't have a switch that automatically allows camera on ANY site.

There's a misunderstanding. The settings switch is to enable a popup as sketched by @errorists in the first place.

I believe it should always ask you for a permission without a permanent switch

Definitely. The settings switch is supposed to ask the user for "permission for being asked for permission" so to say. The default would just be to block websites that request camera/mic access to protect user privacy as like in e.g. the Tor Browser.

@@ -102,6 +105,26 @@
:accessibility-label :modal-chat-button}
[icons/icon :main-icons/message]]]))

(defn show-access-request [resources on-allow on-deny]
(utils/show-confirmation {:title (i18n/label :t/permission-request)
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Consider that window.title can be reset, spoofed, might not be unique and can be reused by other pages if the permission is persistent, same goes window.location.

@hesterbruikman
Copy link
Contributor

@0kok0 Can you articulate the privacy risk in case camera use is not blocked by default? i.e. the risk of having always request permission as a default opposed to always blocked and not able to request permission, unless granted the right to request permission

@0kok0
Copy link

0kok0 commented Aug 7, 2020

always request permission as a default opposed to always blocked and not able to request permission, unless granted the right to request permission

Securitywise, disabling permission requests completely yields a different level of security compared to asking for permission. There's no permission-request-bypass, if permissions are disabled.

In a broader sense, the issue boils down to the idea that asking a permission is not a neutral act, but setting an agenda and attracting/distracting the users attention, not necessarily for a good reason.

There's an extreme present with websites/services asking for permission to access my location. I, as a user, would like to not be bothered by any pizza delivery if they can access my GPS while I'm visiting their site. It's not that bad with camera access, but similar. This is especially relevant for a privacy browser, which might not be my default to do online shopping, but the browser I use to interact with Dapps. As a privacy affine user, I'd the browser that handles my tokens not to ask me for potentially invasive permissions.

I don't like the idea of the browser just not reacting and leaving a part of the site empty when the permission request is suppressed. I'd add a small popup, informing users "a request to access your camera by this site has been blocked".
When I use Firefox/brave or some extensions, this info off stuff being kept away from me by the software I use, is very rewarding at times.

Also I want to make sure, I'm not arguing for rejecting all camera access requests, I'm asking to give the user the option to make an informed decision about the default behavior and their UX, if their status browser is supposed to act as every other browser or as something that passively keeps requests, popups and the like away from them.

@vkjr
Copy link
Contributor Author

vkjr commented Aug 14, 2020

So per additional discussion with @hesterbruikman this PR goes following way:

  • Toggle should be added in security settings that enables camera permission requests in a webview (disabled by default)
  • When page requests camera access and toggle is ENABLED - permission automatically declines and app shows a notification that it was declined
  • When page requests camera access and toggle is DISABLED - app shows dialog allowing user to accept or deny permission request.

@vkjr vkjr changed the title Dialog added to ask permissions for webpage [WIP] Dialog added to ask permissions for webpage Aug 18, 2020
@vkjr vkjr force-pushed the fix/webview_behavior branch 2 times, most recently from eeb26a8 to 001c97b Compare September 10, 2020 16:53
@vkjr vkjr changed the title [WIP] Dialog added to ask permissions for webpage Dialog added to ask permissions for webpage Sep 10, 2020
@status-im-auto
Copy link
Member

98% of end-end tests have passed

Total executed tests: 99
Failed tests: 2
Passed tests: 97
IDs of failed tests: 6228, 6265 

Failed tests (2)

Click to expand
1. test_mobile_data_usage_popup_stop_syncing, id: 6228

Device 1: Looking for full text: 'Stop syncing'
Device 1: Looking for full text: 'No Wi-fi, message syncing disabled.'

Device 1: 'BaseElement' is not found on the screen

Device sessions

2. test_decline_transactions_in_1_1_chat_push_notification_changing_state, id: 6265

Device 2: ChatMessageInput element not found
Device 2: Looking for a message by text: '↓ Incoming transaction'

Device 2: 'DeclineTransaction' is not found on the screen

Device sessions

Passed tests (97)

Click to expand
1. test_delete_chats_via_delete_button, id: 5387
Device sessions

2. test_can_see_all_transactions_in_history, id: 5314
Device sessions

3. test_install_pack_and_send_sticker, id: 5782
Device sessions

4. test_login_with_new_account, id: 5312
Device sessions

5. test_timestamp_in_chats, id: 5385
Device sessions

6. test_password_in_logcat_sign_in, id: 5415
Device sessions

7. test_logcat_recovering_account, id: 5366
Device sessions

8. test_public_chat_clear_history, id: 5386
Device sessions

9. test_need_help_section, id: 5391
Device sessions

10. test_send_and_open_links, id: 5373
Device sessions

11. test_keycard_send_eth_in_1_1_chat, id: 6293
Device sessions

12. test_mobile_data_usage_settings, id: 6229
Device sessions

13. test_create_new_group_chat, id: 3994
Device sessions

14. test_keycard_send_eth_to_ens, id: 6295
Device sessions

15. test_user_can_switch_network, id: 5299
Device sessions

16. test_mobile_data_usage_popup_continue_syncing, id: 5741
Device sessions

17. test_home_view, id: 5379
Device sessions

18. test_open_google_com_via_open_dapp, id: 5320
Device sessions

19. test_share_contact_code_and_wallet_address, id: 5323
Device sessions

20. test_connection_is_secure, id: 5402
Device sessions

21. test_add_to_contacts, id: 5316
Device sessions

22. test_add_account_to_multiaccount_instance_private_key, id: 6272
Device sessions

23. test_refresh_button_browsing_app_webview, id: 5354
Device sessions

24. test_push_notification_1_1_chat, id: 6283
Device sessions

25. test_keycard_send_two_transactions_one_after_another_in_dapp, id: 6288
Device sessions

26. test_can_add_existing_ens, id: 5502
Device sessions

27. test_transaction_wrong_password_wallet, id: 5408
Device sessions

28. test_public_chat_messaging, id: 5313
Device sessions

29. test_unread_messages_counter_public_chat, id: 5360
Device sessions

30. test_keycard_send_eth_from_wallet_to_address, id: 6289
Device sessions

31. test_keycard_fetching_balance_after_offline, id: 6290
Device sessions

32. test_keycard_send_transaction_from_daap, id: 6249
Device sessions

33. test_text_message_1_1_chat, id: 5305
Device sessions

34. test_can_use_purchased_stickers_on_recovered_account, id: 5783
Device sessions

35. test_open_transaction_on_etherscan, id: 5384
Device sessions

36. test_send_audio_message_with_push_notification_check, id: 6316
Device sessions

37. test_onboarding_screen_when_requesting_tokens_for_recovered_account, id: 5677
Device sessions

38. test_contact_profile_view, id: 5382
Device sessions

39. test_offline_add_new_group_chat_member, id: 3998
Device sessions

40. test_logcat_backup_recovery_phrase, id: 5419
Device sessions

41. test_can_recover_keycard_account_card_pairing, id: 5758
Device sessions

42. test_start_chat_with_ens, id: 5403
Device sessions

43. test_add_and_remove_contact_from_public_chat, id: 5332
Device sessions

44. test_add_account_to_multiaccount_instance_seed_phrase, id: 6271
Device sessions

45. test_open_blocked_site, id: 6210
Device sessions

46. test_open_chat_by_pasting_public_key, id: 5304
Device sessions

47. test_pair_devices_sync_one_to_one_contacts_public_chat, id: 5762
Device sessions

48. test_keycard_sign_message_from_daap, id: 6251
Device sessions

49. test_send_non_english_message_to_newly_added_contact, id: 5315
Device sessions

50. test_ens_username_recipient, id: 5406
Device sessions

51. test_fetch_more_history_in_empty_chat, id: 6205
Device sessions

52. test_open_public_chat_using_deep_link, id: 5396
Device sessions

53. test_switch_users_and_add_new_account, id: 5356
Device sessions

54. test_add_account_to_multiaccount_instance_generate_new, id: 6224
Device sessions

55. test_copy_contact_code_and_wallet_address, id: 5375
Device sessions

56. test_send_transaction_from_daap, id: 5309
Device sessions

57. test_send_two_transactions_one_after_another_in_dapp, id: 5744
Device sessions

58. test_image_in_one_to_one_send_save_reply, id: 6305
Device sessions

59. test_add_new_keycard_account_and_login, id: 5689
Device sessions

60. test_long_press_delete_clear_all_dapps, id: 5390
Device sessions

61. test_copy_and_paste_messages, id: 5317
Device sessions

62. test_back_forward_buttons_browsing_website, id: 5321
Device sessions

63. test_password_in_logcat_creating_account, id: 5414
Device sessions

64. test_sign_message_from_daap, id: 5342
Device sessions

65. test_dapps_permissions, id: 5738
Device sessions

66. test_request_public_key_status_test_daap, id: 5397
Device sessions

67. test_long_press_to_delete_chat, id: 5319
Device sessions

68. test_log_level_and_fleet, id: 5368
Device sessions

69. test_reactions_to_message_in_chats, id: 6315
Device sessions

70. test_add_and_delete_watch_only_account_to_multiaccount_instance, id: 6244
Device sessions

71. test_recover_account_from_new_user_seedphrase, id: 6296
Device sessions

72. test_send_transaction_with_custom_token, id: 6208
Device sessions

73. test_send_eth_in_1_1_chat, id: 6253
Device sessions

74. test_send_two_transactions_in_batch_in_dapp, id: 5743
Device sessions

75. test_ens_in_public_and_1_1_chats, id: 6226
Device sessions

76. test_block_user_from_public_chat, id: 5786
Device sessions

77. test_fetching_balance_after_offline, id: 6237
Device sessions

78. test_offline_status, id: 5326
Device sessions

79. test_wallet_set_up, id: 5335
Device sessions

80. test_manage_assets, id: 5341
Device sessions

81. test_offline_messaging_1_1_chat, id: 5310
Device sessions

82. test_account_recovery_with_uppercase_recovery_phrase, id: 5394
Device sessions

83. test_send_token_with_7_decimals, id: 5350
Device sessions

84. test_user_can_see_all_own_assets_after_account_recovering, id: 5381
Device sessions

85. test_pass_phrase_validation, id: 5363
Device sessions

86. test_keycard_can_see_all_transactions_in_history, id: 6291
Device sessions

87. test_keycard_send_two_transactions_in_batch_in_dapp, id: 6287
Device sessions

88. test_send_emoji, id: 5328
Device sessions

89. test_filters_from_daap, id: 5353
Device sessions

90. test_redirect_to_public_chat_tapping_tag_message, id: 5675
Device sessions

91. test_restore_account_from_mnemonic_to_keycard, id: 6240
Device sessions

92. test_send_eth_to_ens_in_chat, id: 6279
Device sessions

93. test_send_eth_from_wallet_to_address, id: 5308
Device sessions

94. test_request_and_receive_stt_in_1_1_chat_offline, id: 6263
Device sessions

95. test_messaging_in_different_networks, id: 5338
Device sessions

96. test_collectible_from_wallet_opens_in_browser_view, id: 5346
Device sessions

97. test_insufficient_funds_wallet_positive_balance, id: 5412
Device sessions

@@ -103,6 +103,12 @@
:preview-privacy? (boolean private?)
{})))

(fx/defn switch-webview-permission-requests?
[{:keys [db] :as cofx} enabled?]
(multiaccounts.update/multiaccount-update cofx
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

can we move cofx to the next line, that would help to keep it in 80 chars range

:style styles/blocked-access-button
:on-press (fn []
(components.permissions/request-permissions
{:permissions (map #(get resources-to-permissions-map %) resources)
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

resources-to-permissions-map is never nil so it safe to go with (map resources-to-permissions-map resources)

:active webview-allow-permission-requests?
:accessory :switch
:subtitle (i18n/label :t/webview-camera-permission-requests-subtitle)
:subtitle-max-lines 2
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

map alignment

@churik
Copy link
Member

churik commented Sep 14, 2020

@vkjr what about IOS?
IOS build also has the same setting in Profile, but it does nothing.
If it will be implemented separately, IMO better to hide it to avoid confusion otherwise to make it similar to Android.

@churik churik self-assigned this Sep 14, 2020
@vkjr
Copy link
Contributor Author

vkjr commented Sep 14, 2020

@churik, thanks, you are absolutely right! It won't be implemented separately since on ios there is on permission requests from webview. So we definitely need to hide it from settings!

@vkjr
Copy link
Contributor Author

vkjr commented Sep 15, 2020

@churik, it is hidden now for ios

@churik
Copy link
Member

churik commented Sep 15, 2020

Tested on Android 10, Android 8:

  • setting by default is disabled
  • website is asking every time if you enable permission when open chat (from browser history, from chat, by entering URL)
  • denying access
  • allowing access
  • 'Webview camera permission requests' is preserved after relogin
  • no 'Webview camera permission requests' on IOS
  • camera is disbled on IOS

Signed-off-by: Volodymyr Kozieiev <vkjr.sp@gmail.com>
@vkjr vkjr merged commit a955200 into develop Sep 16, 2020
@vkjr vkjr deleted the fix/webview_behavior branch September 16, 2020 09:18
@0kok0
Copy link

0kok0 commented Sep 16, 2020

Awesome work @vkjr

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
No open projects
Archived in project
Development

Successfully merging this pull request may close these issues.

8 participants