[Web Install] Is `install()` or `getInstalledApps()` allowed from subframes?

MicrosoftEdge / MSEdgeExplainers

Home for explainer documents originated by the Microsoft Edge team

Creative Commons Attribution 4.0 International

1.31k stars 216 forks source link

[Web Install] Is `install()` or `getInstalledApps()` allowed from subframes? #786

Closed amandabaker closed 7 months ago

amandabaker commented 7 months ago

To reduce fingerprinting risk, I assumed that navigator.install() and navigator.getInstalledApps() would not be allowed from subframes. Is there any reason that it should be allowed, and if so, do we need to modify getInstalledApps() to mitigate the fingerprinting risk?

cc @diekus @Kbhlee2121

diekus commented 7 months ago

No they cannot. Quoting the explainer: "This API can only be invoked in a top-level navigable and be invoked from a secure context."