brave / brave-browser

Brave browser for Android, iOS, Linux, macOS, Windows.
https://brave.com
Mozilla Public License 2.0

[Feature request] More granular permissions API #26961

Open abjugard opened 1 year ago

abjugard commented 1 year ago

Description

Google recently moved Google Maps from maps.google.com to google.com/maps. This means that the current location access system forces me to give ALL Google applications location access if I want Google Maps to have access to my location.

This highlights to me that the permissions APIs (location access in particular) available in the Chromium codebase are not precise enough for the modern web.

Suggested implementation

Allow users to narrow the scope of permissions to include paths as well as just domain. One way to present this could be using radio buttons, e.g. for an app at https://some.app.domain/very/deep/path?some=query&parameters=here:

For the Google Maps example it might look like this:

[Image: mockup-brave-permissions]

I'll leave it to the engineers more familiar with the codebase to consider how best to present a feature like this in settings; it could be modelled as separate sites, or just as sub-sites under the domain where these settings are currently stored.

Brave version (brave://version info)

Brave: 1.45.118
Chromium: 107.0.5304.91 (Official Build) (x86_64)
Revision: 3d5948960d62418160796d5831a4d2d7d6c90fa8-refs/branch-heads/5304@{#1097}
OS: macOS Version 13.0 (Build 22A380)

Other Additional Information:

I was made aware of this via Hacker News: https://news.ycombinator.com/item?id=33729345

ShivanKaul commented 1 year ago

Interesting idea, but this would be a big change in how we or any other browsers handle permissions. I think the UX issue here is sticky: how deep should the path options go, and what should the default scope be? If the latter is "most restrictive", i.e. the full URL, then that would lead to users getting spammed with geolocation prompts on websites, which is not great for security. If it is not, then the first time you get hit with the geolocation prompt you probably don't know the right granularity and end up over-granting (and also never see a prompt for that permission again).

abjugard commented 1 year ago

I experimented with a slider for selecting scope as well. While it takes up less space because only one label has to be rendered, I think it's even less obvious how to use it.

Maybe someone from the Brave or Chromium UX teams has some input here?

abjugard commented 1 year ago

Bumping this as we just utilised this behaviour in a pentest.
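
The difference between today's origin-wide grant and the path-scoped grant proposed in this issue, as an added example (it is not part of any comment above and is not Brave or Chromium code). The grant shape, the function names and the sample URLs are assumptions made for illustration; `scopeOptions` produces the kind of choices a scope prompt could list, broadest first.

```javascript
// Toy permission store (illustrative only, not Brave/Chromium code).
// A grant is { origin, pathPrefix, permission }. pathPrefix "/" reproduces
// today's origin-wide behaviour; a longer prefix is the proposed narrower scope.

// Constructed sample grants for the Google Maps case from the issue.
const ORIGIN_WIDE = [{ origin: "https://google.com", pathPrefix: "/", permission: "geolocation" }];
const PATH_SCOPED = [{ origin: "https://google.com", pathPrefix: "/maps/", permission: "geolocation" }];

function normalizePrefix(prefix) {
  // Resolve dot segments, then drop a trailing slash so "/maps" and "/maps/"
  // name the same scope.
  const p = new URL(prefix, "https://placeholder.invalid").pathname;
  return p.length > 1 && p.endsWith("/") ? p.slice(0, -1) : p;
}

function pathInScope(pathname, prefix) {
  if (prefix === "/") return true; // origin-wide grant
  // Match whole segments only: "/maps" covers "/maps" and "/maps/x",
  // but must not cover "/mapsfoo".
  return pathname === prefix || pathname.startsWith(prefix + "/");
}

function isGranted(grants, url, permission) {
  const u = new URL(url); // parsing resolves "." and ".." before matching
  return grants.some(g =>
    g.permission === permission &&
    g.origin === u.origin &&
    pathInScope(u.pathname, normalizePrefix(g.pathPrefix)));
}

// Candidate scopes for a prompt: the origin, then each path prefix.
// The query string is never part of a scope.
function scopeOptions(url) {
  const u = new URL(url);
  const options = [u.origin + "/"];
  let prefix = "";
  for (const segment of u.pathname.split("/").filter(Boolean)) {
    prefix += "/" + segment;
    options.push(u.origin + prefix);
  }
  return options;
}
```

Because documents on the same origin can script each other, a path scope like this narrows what a prompt grants rather than creating an isolation boundary, the same limitation that applies to cookie `Path` scoping.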