Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Fix issue 26048: document security requirements for opening and focus… #26838

Merged
merged 1 commit into from
May 19, 2023
Merged

Fix issue 26048: document security requirements for opening and focus… #26838

merged 1 commit into from
May 19, 2023

Conversation

wbamberg
Copy link
Collaborator

Fixes #26048.

Documents security requirements for WindowClient.focus() and Clients.openWindow().

I believe that although the bug report quotes a SO answer that the requirement is that the methods may only be called inside a notificationclick handler, that's a very old answer, and from the spec it looks as if the requirement is transient activation:

https://w3c.github.io/ServiceWorker/#clients-openwindow
https://w3c.github.io/ServiceWorker/#client-focus

I wasn't quite sure what "this origin" means here. I have documented it as "the app's origin" but not sure that is correct.

@wbamberg wbamberg requested a review from a team as a code owner May 18, 2023 15:52
@wbamberg wbamberg requested review from sideshowbarker and removed request for a team May 18, 2023 15:52
@github-actions github-actions bot added the Content:WebAPI Web API docs label May 18, 2023
@github-actions
Copy link
Contributor

Preview URLs

@sideshowbarker sideshowbarker merged commit 1200b31 into mdn:main May 19, 2023
wbamberg added a commit to wbamberg/content that referenced this pull request May 20, 2023
@wbamberg
Merge remote-tracking branch 'origin/update-beforeinstallpromptevent'…
6f3a413 
… into update-beforeinstallpromptevent

* origin/update-beforeinstallpromptevent:
  Add Prettier to lint command (mdn#20674)
  Remove SVG <discard> docs (mdn#26856)
  Remove docs for <applet> (mdn#26850)
  refactor: migrate media.prod.mdn.mozit.cloud URLs (mdn#26809)
  chore: Remove embedlivesample macro calls with a fourth parameter (mdn#26816)
  Bump @mdn/yari from 2.21.0 to 2.22.0 (mdn#26858)
  WebTransport API (mdn#26529)
  Fix issue 26739: correct beforeunload situation wrt bfcache (mdn#26819)
  add missing colon (mdn#26846)
  Replace reference to time domain with amplitude domain in `AnalyserNode .fftSize` (mdn#26840)
  Fix issue 26048: document security requirements for opening and focus… (mdn#26838)
  Change all CSS spec URLs back to drafts.csswg.org (mdn#26833)
  Synchronize with BCD v5.2.58 (mdn#26829)
  Rename nonexistent globalScope to globalThis in service worker event examples (mdn#26808)
  Small typo fix (mdn#26822)
  removing scrollbar (mdn#26813)
  Fix typo (mdn#26826)
wbamberg added a commit to wbamberg/content that referenced this pull request Jun 1, 2023
@wbamberg
Merge remote-tracking branch 'origin/pwa-main-page' into pwa-main-page
c953f68 
* origin/pwa-main-page: (86 commits)
  Add Prettier to lint command (mdn#20674)
  Remove SVG <discard> docs (mdn#26856)
  Remove docs for <applet> (mdn#26850)
  refactor: migrate media.prod.mdn.mozit.cloud URLs (mdn#26809)
  chore: Remove embedlivesample macro calls with a fourth parameter (mdn#26816)
  Bump @mdn/yari from 2.21.0 to 2.22.0 (mdn#26858)
  WebTransport API (mdn#26529)
  Fix issue 26739: correct beforeunload situation wrt bfcache (mdn#26819)
  add missing colon (mdn#26846)
  Replace reference to time domain with amplitude domain in `AnalyserNode .fftSize` (mdn#26840)
  Fix issue 26048: document security requirements for opening and focus… (mdn#26838)
  Change all CSS spec URLs back to drafts.csswg.org (mdn#26833)
  Synchronize with BCD v5.2.58 (mdn#26829)
  Rename nonexistent globalScope to globalThis in service worker event examples (mdn#26808)
  Small typo fix (mdn#26822)
  removing scrollbar (mdn#26813)
  Fix typo (mdn#26826)
  docs(:not()): Update the syntax and example titles (mdn#26814)
  Add a Performance guide for Server Timing (mdn#25575)
  Fix a summary (mdn#26815)
  ...
@evgsil
Copy link

evgsil commented Jun 24, 2024

It seems not to be working in the Chrome. (Did not check in other browsers). My scenario was to postMessage to service worker by button.onClick event and change focus to other ClientWindow. And I was still getting "Not allowed to focus a window" exception despite the fact that my current window should theoretically be in Transient Activation state.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@sideshowbarker sideshowbarker sideshowbarker approved these changes

Assignees
No one assigned
Labels
Content:WebAPI Web API docs
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.

Please specify that openWindow() and focus() only works when the user clicked on a notification
3 participants
@wbamberg @evgsil @sideshowbarker