privacycg / storage-access

The Storage Access API
https://privacycg.github.io/storage-access/
199 stars 26 forks

Potentially specify "prior user interaction" requirement #190

Open johannhof opened 7 months ago

johannhof commented 7 months ago

If I'm not mistaken, both Safari and Chrome have a "prior user interaction" requirement that will auto-reject SAA calls unless the user has interacted with the requesting site in a top-level context in the last X (I think currently 30) days. Firefox also looks at prior interactions, but only gates its "auto-grant" mechanism for the first 5 embedded sites on it.

If this is shipping in roughly the same shape in two browsers, we might want to align the spec on it.

cc @annevk @bvandersloot-mozilla @cfredric
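The two gating models described in the comment above, written out as an added example. This is not the Storage Access API spec text and not any browser's implementation; it is a small model whose knobs are assumptions taken from the comment: a 30-day top-level interaction window for the Safari/Chrome-style auto-reject, and a limit of 5 distinct embedded sites per top-level site for the Firefox-style auto-grant. The site names, the `StorageAccessGate` class and the `decideStrict` / `decideAutoGrant` methods are hypothetical names chosen for this example.

```javascript
// Added example (not spec text, not browser code): a model of the
// "prior user interaction" gate discussed in the issue.
// Assumed values, taken from the comment above:
//   - interactionWindowDays = 30  ("I think currently 30")
//   - autoGrantLimit        = 5   (Firefox's "first 5 embedded sites")
const DAY_MS = 24 * 60 * 60 * 1000;

const POLICY = {
  interactionWindowDays: 30, // assumed Safari/Chrome-style auto-reject window
  autoGrantLimit: 5,         // assumed Firefox-style auto-grant limit
};

// Hypothetical helper name. Tracks the last top-level interaction per site and
// which embedded sites each top-level site has already auto-granted to.
class StorageAccessGate {
  constructor(policy = POLICY, now = () => Date.now()) {
    this.policy = policy;
    this.now = now;
    this.lastTopLevelInteraction = new Map(); // site -> timestamp (ms)
    this.autoGrants = new Map();              // topLevelSite -> Set(embeddedSite)
  }

  // Record that the user interacted with `site` while it was the top-level page.
  recordTopLevelInteraction(site, at = this.now()) {
    this.lastTopLevelInteraction.set(site, at);
  }

  // True if `site` had a top-level interaction within the policy window.
  hasRecentInteraction(site) {
    const last = this.lastTopLevelInteraction.get(site);
    if (last === undefined) return false;
    return this.now() - last <= this.policy.interactionWindowDays * DAY_MS;
  }

  // Safari/Chrome-style model: no recent top-level interaction means the
  // requestStorageAccess() call is auto-rejected; otherwise the user is asked.
  decideStrict(embeddedSite) {
    return this.hasRecentInteraction(embeddedSite) ? "prompt" : "auto-reject";
  }

  // Firefox-style model: prior interaction only gates the auto-grant, which
  // covers the first N distinct embedded sites under a top-level site. Past
  // the limit (or without prior interaction) the request falls through to the
  // prompt instead of being rejected outright.
  decideAutoGrant(topLevelSite, embeddedSite) {
    if (!this.hasRecentInteraction(embeddedSite)) return "prompt";
    const granted = this.autoGrants.get(topLevelSite) ?? new Set();
    if (granted.has(embeddedSite)) return "auto-grant"; // already counted
    if (granted.size >= this.policy.autoGrantLimit) return "prompt";
    granted.add(embeddedSite);
    this.autoGrants.set(topLevelSite, granted);
    return "auto-grant";
  }
}

// Constructed walk-through with a fixed clock so the outcome is deterministic.
function demo() {
  const clock = Date.UTC(2024, 0, 31);
  const gate = new StorageAccessGate(POLICY, () => clock);

  // Constructed interaction history (not real sites).
  gate.recordTopLevelInteraction("https://sso.example", clock - 10 * DAY_MS);
  gate.recordTopLevelInteraction("https://stale.example", clock - 45 * DAY_MS);
  const embeds = [1, 2, 3, 4, 5, 6].map((i) => `https://embed${i}.example`);
  for (const e of embeds) gate.recordTopLevelInteraction(e, clock - 1 * DAY_MS);

  return {
    recent: gate.decideStrict("https://sso.example"),         // "prompt"
    stale: gate.decideStrict("https://stale.example"),        // "auto-reject"
    never: gate.decideStrict("https://unknown.example"),      // "auto-reject"
    firefoxStale: gate.decideAutoGrant("https://app.example", "https://stale.example"), // "prompt"
    firefoxRecent: gate.decideAutoGrant("https://app.example", "https://sso.example"),  // "auto-grant"
    // Under a fresh top-level site: first five auto-grant, the sixth prompts.
    limitSequence: embeds.map((e) => gate.decideAutoGrant("https://other.example", e)),
    // A site already counted keeps its auto-grant on a repeat request.
    repeat: gate.decideAutoGrant("https://other.example", embeds[0]),  // "auto-grant"
  };
}

console.log(demo());
```

In a real page the embedded document calls `await document.requestStorageAccess()`; when the browser's gate (or the user) denies it, that promise rejects with a `NotAllowedError` DOMException, which is the observable form of the "auto-reject" branch above, so callers should treat rejection as a normal outcome rather than an exceptional one.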

bvandersloot-mozilla commented 4 months ago

We'd be willing to tighten up the protection to align to a spec change here.