search

WebView-CG / usage-and-challenges

Documenting usage scenarios for WebView and the challenges they create
https://webview-cg.github.io/usage-and-challenges/
Other
12 stars 4 forks source link

Disable web platform features and web APIs #29

Open muodov opened 2 years ago

muodov commented 2 years ago

Disable web platform features and APIs

Submitter(s)

Maxim Tsoy, DuckDuckGo

Motivation

Depending on the use-case, (native) app developers may want to disable certain APIs available to the web content. For example, DuckDuckGo apps would like to disable some APIs, such as Battery API, considered dangerous for users' privacy.

Stakeholders

WebView vendors, app developers

Analysis

Currently the only way to block certain APIs is via JS injections, which have certain limitations (see #20)

Related W3C deliverables and/or work items

Permissions Policy

How is the issue solved in the Browser, and what’s more is needed?

For some experimental APIs, browsers often have configuration flags. Some APIs can be disabled through Permissions Policy (aka Feature Policy), but the list of controlled features is limited and different per browser.

QingAn commented 2 years ago

Collect more details and update the description @muodov