Consume user activation in element.requestFullscreen()
#153
Conversation
foolip
force-pushed
the
consume-user-activation
branch
from
a8e5d45
to
a07aff5
Compare
foolip
changed the title
element.requestFullscreen()element.requestFullscreen()
foolip
force-pushed
the
consume-user-activation
branch
from
a07aff5
to
e4b2cc3
Compare
|
Thanks, this looks good from user activation perspective. |
|
web-platform-tests/wpt#16758 has been merged into wpt repository. |
fullscreen.bs
Outdated
| @@ -270,6 +270,9 @@ when invoked, must run these steps: | |||
| <li><p>This algorithm is <a>allowed to request fullscreen</a>. | |||
| </ul> | |||
|
|
|||
| <li><p>If <var>error</var> is false, then <a>consume user activation</a> for | |||
There was a problem hiding this comment.
FYI: This should now point to the newly added definition of consumption. Not sure why the PR preview doesn't show a link.
There was a problem hiding this comment.
Looks like the preview is correctly pointing to the HTML spec link now.
There was a problem hiding this comment.
I wanted to approve this PR, but apparently I don't have permission to do that! @domenic?
|
@foolip, can we help move this along? I'm happy to rebase it and also take care of any changes after #208. This would probably solve the issue @marcoscaceres raises in web-platform-tests/wpt#36727 of giving a cross-browser way of consuming user activation. |
|
I guess it depends on what features/API calls follow a call to I'm simultaneously hoping we can prevent the Screen Orientation API (which depends on FS API) from arbitrarily changing the screen orientation without a user gesture. If you have an Android device handy, try this out in Chrome: (if you can't try it out, it loops rapidly changing the screen orientation making it difficult of users to access the browsers UI - you need to either turn off the screen or quickly swipe from the bottom to stop it). I personally don't think the above behavior should be acceptable for any API to do on the Web. So, I was hoping we wouldn't consume the user activation in FS API, but rather have the Screen Orientation API consume the user activation. Alternatively, we could have it consume the user activation if #186 was in place, all in one go. The advantage being that it wouldn't breaking any sites that are depending on FS API to not consuming the user activation. For pointerlock, maybe a solution like #186 could also work. You request them all at once, and exiting fulls screen releases all the locks. |
|
Currently, Gecko also consume the user activation as we had received a bug of trapping the user in fullscreen mode, which invites DOS and spoofing possibilities. And for pointer lock, we allow it without a vaild user activation if document is in fullscreen mode. |
|
Discussing with my WebKit colleagues... but if both Gecko and Chromium consume it, we may follow suit. Let me get back to you.
That is contrary to what is in the Pointer Lock spec, right? Why don't we just link the actions together via a mechanism like in #186? (also, we should really rewrite the pointer lock spec to integrate properly with the Full Screen API) |
foolip
force-pushed
the
consume-user-activation
branch
from
e4b2cc3
to
5bd6d6f
Compare
Chrome originally proposed this consumption behavior to prevent a spoof, see https://crbug.com/852645.
IIRC Chrome added a similar hack to support some compat argument, can't recall any details! Yes, #186 would be nice. (Edited to fix the bug link) |
|
#186 sounds reasonable to me. |
|
@EdgarChen, if we go with something like #207 (new dictionary member), would you be willing to remove the pointerLock workaround in Firefox? That way, we can just have a consistent model across three specs. Similar question for Chrome folks. I'm willing to spec that up if everyone is supportive. |
To clarify this a bit more: This is not a workaround added for consuming user activation, we behave the same all the way back to Firefox 22 at least (before the current user activation model in spec is proposed). I am worried that removing this would cause compatibility problem. :( |
|
@foolip, could you kindly please update the PR to use the "new" PR template? (I don't have the ability to edit the top comment) Also, will you be updating any affected tests? |
|
@marcoscaceres there are 3 tests in wpt that are tentative due to #152: https://github.com/web-platform-tests/wpt/blob/master/fullscreen/api/element-request-fullscreen-twice-manual.tentative.html But I think with consuming, this can be reduced to just the first test, ensuring the second call is rejected. |
|
Filed WebKit bug: Thanks for the details about the tests, @foolip. If those can get updated and changed to non-tentative, that would be great. |
This makes a bunch of other tests redundant, as they're also calling requestFullscreen() twice, and should all fail in exactly the same way. element-request-fullscreen-same-manual.html is also converted to ensure that a second call in a new click does work, to ensure the failure isn't because the element is the same as the fullscreen element. Follows whatwg/fullscreen#153.
|
I have a feeling that there is nothing wrong to allow |
This makes a bunch of other tests redundant, as they're also calling requestFullscreen() twice, and should all fail in exactly the same way. element-request-fullscreen-same-manual.html is also converted to ensure that a second call in a new click does work, to ensure the failure isn't because the element is the same as the fullscreen element. Follows whatwg/fullscreen#153.
foolip
added
the
impacts documentation
|
@upsuper I think you're right about that, since the page script already has full control over what's being presented and could replace all the contents of the current fullscreen element. However, that'd be a change from the currently implemented behavior, and I'd prefer to handle that separately from this. Can you file an issue if you think we should change that? |
|
@marcoscaceres test PR is up and the whole PR template is filled in now. |
|
Thanks @foolip! Everything looks great. |
https://bugs.webkit.org/show_bug.cgi?id=247920 rdar://102355401 Reviewed by Youenn Fablet. Matches Chrome & Firefox implementations, we should reset the activation timestamps when requesting fullscreen. This disallows double non-user initiated requestFullscreen calls. Spec PR: whatwg/fullscreen#153 WPT upstream revision: web-platform-tests/wpt@897b406 * LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-consume-user-activation-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-consume-user-activation.html: Added. * LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-same-element-expected.txt: Added. * LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-same-element.html: Added. * LayoutTests/imported/w3c/web-platform-tests/fullscreen/api/w3c-import.log: * LayoutTests/platform/mac-wk1/imported/w3c/web-platform-tests/fullscreen/api/element-request-fullscreen-same-element-expected.txt: Added. * Source/WebCore/dom/FullscreenManager.cpp: (WebCore::FullscreenManager::requestFullscreenForElement): Canonical link: https://commits.webkit.org/257554@main
|
This is now also implemented in WebKit. @foolip, anything left to get this merged? |
foolip
force-pushed
the
consume-user-activation
branch
from
616380c
to
50786c2
Compare
Depends on whatwg/html#3851. Fixes #152.
foolip
force-pushed
the
consume-user-activation
branch
from
50786c2
to
e1ab822
Compare
|
@marcoscaceres sorry I totally dropped the ball here. I've updated the PR and all I need now is review from someone with write access. Paging @annevk, as @domenic seems to be OOO today. |
|
Thanks @annevk! Let me try inverting the preceding steps and see if you like that. |
Depends on whatwg/html#3851.
Fixes #152.
element.requestFullscreen()#153 (comment)element.requestFullscreen()#153 (comment)(See WHATWG Working Mode: Changes for more details.)
Preview | Diff