Re-review Permissions API
This came up when looking at Bugzilla bug 1609427, where they expanded the Permissions.query API to allow for microphone and camera permission queries. It seems they had some fingerprinting considerations upstream already to ensure that we do not distinguish between "granted" and "prompt".
However, it is not clear how we are protected against Permissions.query calls that iterate over each feature to see if they are supported or not (API throws or not) that would reveal hardware capabilities. See the example in https://developer.mozilla.org/en-US/docs/Web/API/Permissions/query.
NOTE: we have the permissions.memory_only preference, and #21569 (closed), which was likely replaced by upstream changes. However, as far as I can tell these are focused on isolating and not persisting permissions, rather than capabilities.
We should find out whether this API can reveal hardware capabilities or not (prior to a user being prompted). I imagine this has been looked into before, and TZP tests a subset of permissions. So there's a good chance that they do not, but I couldn't find any references to this from a quick search of the permission code.
@thorin, @pierov or @morgan, do you recollect anything about this from the past?
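
Added example, not part of the original issue or of the browser's code: a small regression check for the question raised above, which records for each permission name whether `query()` resolves (and with which state) or rejects, then diffs two such profiles. The name list, `mockPermissions` and the two "no camera" profiles are constructed stand-ins for `navigator.permissions` and say nothing about how any real browser behaves.

```javascript
// Constructed name list; extend it with whatever the build under test exposes.
const NAMES = ["geolocation", "notifications", "camera", "microphone", "midi", "persistent-storage"];

// Query every name and reduce each answer to one comparable token.
async function profilePermissions(permissions, names = NAMES) {
  const profile = {};
  for (const name of names) {
    try {
      const status = await permissions.query({ name });
      profile[name] = `state:${status.state}`;
    } catch (err) {
      // Unsupported names reject; keep only the error type so messages don't add noise.
      profile[name] = `throws:${err.name}`;
    }
  }
  return profile;
}

// Names whose answer differs between two profiles. An empty result means the
// API output did not distinguish the two configurations.
function diffProfiles(a, b) {
  const names = new Set([...Object.keys(a), ...Object.keys(b)]);
  return [...names].filter((n) => a[n] !== b[n]).sort();
}

// Constructed stand-in for navigator.permissions: names absent from the table reject.
function mockPermissions(table) {
  return {
    query({ name }) {
      if (!(name in table)) return Promise.reject(new TypeError(`unsupported: ${name}`));
      return Promise.resolve({ state: table[name] });
    },
  };
}

async function demo() {
  const uniform = { geolocation: "prompt", notifications: "prompt", camera: "prompt", microphone: "prompt" };
  const base = await profilePermissions(mockPermissions(uniform));
  // Hypothetical leaky build: "camera" rejects when no camera is attached.
  const leaky = mockPermissions({ geolocation: "prompt", notifications: "prompt", microphone: "prompt" });
  return {
    leaky: diffProfiles(base, await profilePermissions(leaky)),
    safe: diffProfiles(base, await profilePermissions(mockPermissions(uniform))),
  };
}

demo().then((r) => console.log(r));
```

In a browser test, the same `profilePermissions(navigator.permissions)` call would be run on machines with and without the device attached, before any prompt, and the two results passed to `diffProfiles`.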