@clelland @RByers @mounirlamouri, any concerns?

If I don't hear any, I'll merge this and @riju will update the Chrome's implementation accordingly.

Looks reasonable to me. Is the plan to add a feature control hook later?

The only forwards-incompatibility I can see with Feature Policy here is that if a deeply nested frame happens to be same-origin with the top-document, then it will be granted access to the API by default, while feature policy would disallow that.

That is, in an A->B->A embedding scenario, both the top-level and the innermost frame would be able to use the battery API. With feature policy, the inner frame wouldn't be allowed to use it, unless the top-level doc granted it to the middle frame, which then further granted it to the inner one.

(That is, feature policy would allow access to same-origin children -- and their same-origin children, and so on -- but not to arbitrary same-origin descendent frames)

Do we have any idea of how common it is to have x-origin iframe usage of the Battery API? Said otherwise, are we sure we are not breaking a real use case? Are we sure this change is even web compatible?

Thanks for your comments!

Is the plan to add a feature control hook later?

@RByers, that was my initial plan. That said, we could consider adding the hook on the same pass, there's just one procedural issue that need to be cleared:

The Feature Policy spec is currently in incubation, and having an unstable normative reference might be an issue if we want to advance the Battery Status API to Candidate Recommendation and beyond.

@dontcallmedom to confirm whether we could make an exception here.

Do we have any idea of how common it is to have x-origin iframe usage of the Battery API?

@mounirlamouri, I'd like to know as well, but I don't have any data.

If we care strongly about this, would Chrome be fine with us adding telemetry to figure out how common x-origin iframe usage is?

A->B->A embedding scenario

@clelland, I'd expect many other platform features be similarly impacted? If so, I wouldn't be concerned about this case at hand specifically.

Couple of questions to @clelland et al.:

Feature Policy "v1" shipped in Chrome M62. Does it have all the features implemented we'd need for this spec to integrate with it?

Do you have established conventions for spec authors on how to hook into the Feature Policy spec the right way. I'm looking for normative spec language I could borrow similarly to e.g. https://w3c.github.io/webappsec-secure-contexts/#new This helps keep specs consistent.

Thanks!

re CR transition with a reference to an unstable spec - this won't block transition to CR (although we would want to highlight it in the transition request), but may block transition to PR. That being said, transition to PR needs a 2nd implementation we don't have yet.

Thanks for the confirmation @dontcallmedom.

With that, I'd be happy to hook this spec into the Feature Policy spec when shown the preferred conventions in doing so.

@anssiko -- I think that we do have all of the features implemented in Chromium to do that. As long as the plan is just to reject the promise when disallowed, then it should be pretty simple.

I've written up a spec integration guide at https://github.com/WICG/feature-policy/blob/gh-pages/integration.md -- it's not strictly normative, but take a look and see if gives you enough guidance for the wording. If there's anything that I can add to that to help you out, I'm glad to do it.

@clelland, thanks, the integration guide is very helpful.

I added Feature Policy integration in c2083ad, PTAL. See also the preview.

(I assumed the integration guide means "SecurityError" DOMException.)

@anssiko: Yes, that should totally read SecurityError DOMException, thanks :) PR fired. The actual error, though, should be whatever makes sense for the API -- whether rejecting a promise, or returning an error code, the important thing is just defining some way for the API to fail when disabled.

This change LGTM, though -- thanks!

@mounirlamouri PTAL and merge this PR if you're happy.

@mounirlamouri, gentle ping.

Others on this PR seem to be fine with this change, would like to get your explicit OK prior to merging.

@mounirlamouri, we'll merge this PR unless we hear concerns from you by next Tuesday 24 Oct, to be followed by a corresponding patch to Chromium.

@Honry, as we prepare for this PR to land, could you evaluate the gaps in the battery-status test suite (in the spirit of test as you commit, soon to be adopted for all deliverables), and update the test suite accordingly? Even if I see my name in OWNERS, I may not have the cycles to pull off the test suite update at this time, and I'd +1 you to become an owner for the battery status test suite.

On a quick glimpse, I think we need to update the iframe tests and add new tests the Feature Policy integration, and test interesting edge cases such as #13 (comment)

@foolip, this is another API that needs a bunch of manual tests due to its inherent nature, similarly to Vibration API. Is the following guide still considered the state of the art in manual w-p-t testing? :-)

http://web-platform-tests.org/writing-tests/manual.html

@anssiko, according to the test as you commit policy, would you please add a label "needs tests" to this PR?

I will add a corresponding PR in w-p-t to reflect the changes and involve my name in OWNERS file.
Then revisit current test coverage. :)

would you please add a label "needs tests" to this PR?

Done. Thanks for your help updating this test suite too!

I will add a corresponding PR in w-p-t to reflect the changes and involve my name in OWNERS file.

Done at web-platform-tests/wpt#7944, PTAL.

Sorry for the delay Anssi :( I still disagree with this change as I think it's curing thy symptoms, not the disease. The API should have an implementation that is privacy friendly.

This said, in practice, my main concern is whether this will break web pages. Was a use counter added into Chrome to discover how large the impact of this change would be and whether the deprecation is web-compatible? I don't think we can disable this in Chrome without this information.

@mounirlamouri, I don't think we've added a use counter for that into Chrome.

When we were looking at a similar behaviour change for the Fullscreen API, I think we added one that fired every time a same-origin page was blocked from entering fullscreen.

We could add a similar counter here for battery-status, as well as one that fires when a same-origin-as-root-but-embedded-cross-origin page successfully uses the API. If we do it quickly enough, we should be be able to get that change merged for M63, to get some actual data before the end of the year.

I think something that checks the usage in x-origin iframe and another for same origin should be enough.

So Chrome doesn't currently restrict getBattery at all. Fully complying with this change would block the API in Chrome:

• in all insecure contexts
• in any frame which is at a different origin than its parent (without an appropriate feature policy)
• in any frame which is at a different origin than the top-level document (again, without an appropriate feature policy)

If we add counters for those situations, then we should have a good idea how much usage would be broken by adopting this change (and also adopting the current spec as-is).

(Also, this is Chrome-specific, but both caniuse and the API confluence dashboard suggest that the API is not implemented anywhere else -- if that's wrong, it could change the 'web-compatible' calculation quite a bit)

(Here's an HTML diff comparing this branch with gh-pages to ease review, e.g. at F2F. I enabled pr-preview to automate this for any subsequent PRs.)

@clelland, thanks for your comments! I integrated your suggestion and pushed an update. At F2F, we can gauge whether we have consensus to land this and update the implementation(s) accordingly. I invited @mounirlamouri to join as well.

F2F Resolution: https://www.w3.org/2018/10/22-dap-minutes.html#x05

(Rebased with gh-pages and fixed merge conflicts in a9e3c94.)

Time for the annual update to this issue ☺️

There are the following battery use counters invoked in getBattery.

In percentages of Chrome page loads (across all channels and platforms) that use the corresponding feature at least once, as of today:

• 18.474067% BatteryStatusGetBattery
• 4.141155% BatteryStatusCrossOrigin
• 1.652762% BatteryStatusInsecureOrigin
• 0.004663% BatteryStatusSameOriginABA

The Devices and Sensors Working Group just discussed Battery Status, and agreed to the following:

• RESOLUTION: Replace SecurityError with NotAllowedError in step 2 of getBattery() algorithm and merge #13.

Merging this PR per F2F resolution #13 (comment). This branch includes 3e08915 that was part of the resolution.

Thanks to @Honry, now also Feature Policy section is updated. Consider #24 to be a part of this PR.

• web-platform-tests Add feature-policy to battery-status web-platform-tests/wpt#7944
• Chromium https://crbug.com/1007264