immersive-web / privacy-and-security

Cross specification concerns and suggestions for privacy and security for the immersive web (Feature lead: Mounir Lamouri)
16 stars 8 forks source link

Security feature blocks accessibility: Can't enter VR mode with fuse button #27

Open DougReeder opened 4 years ago

DougReeder commented 4 years ago

Use Case: Users with limited dexterity can use a headset, but not buttons, either on the headset or on controllers. (For example, users with Parkinson's, or who do not currently have use of their hands.)

UI both outside and inside VR can be implemented with fuse buttons (where the user places the pointer on a button for some predetermined length of time). This can be implemented with JavaScript, wherein the code creates a click event at the appropriate time. Unfortunately, this runs afoul of the security requirement that requestPresent() be called in a user-interaction handler, like a click handler.

For the immersive web to be accessible to all, there needs to be an approach to allow users who can only control their head to enter VR mode, and other transitions that require user assent, like starting audio play.

A narrow solution would be a browser flag to disable this security requirement.

A broader solution would a mechanism to extend the browser. Such a mechanism may already exist for the flat web.

DougReeder commented 3 years ago

The narrow solution exists for Firefox Reality: setting the configuration flag dom.vr.require-gesture to false allows this.