Closed stephenmcgruer closed 1 year ago
I think this makes sense, a few thoughts:
Jeffrey linked me to https://html.spec.whatwg.org/multipage/interaction.html#page-visibility as the concept we probably want to work from
The show() method [1] algorithm includes this:
If document is not [fully active](https://html.spec.whatwg.org/multipage/document-sequences.html#fully-active), then return [a promise rejected with](https://webidl.spec.whatwg.org/#a-promise-rejected-with) an "[AbortError](https://webidl.spec.whatwg.org/#aborterror)" [DOMException](https://webidl.spec.whatwg.org/#idl-DOMException).
It does not sound like that suffices (no mention of page-visibility).
@samuelweiler, we've updated the specification based on the PING review. If satisfied, please do the relevant label management. :) Thank you!
During today's PING discussion and review of the changes to SPC, the PING raised a concern that removing the user activation requirement could lead to sites triggering SPC from a background tab. This could confuse users, especially as technically the spec doesn't require a tab-modal dialog (Chrome just implements SPC as a tab-modal UI, which I think any reasonable browser would, but it isn't enforced).
PING has asked that we add a normative step that SPC authentication should fail if the current tab is not foreground.