WebAPI/Security/ScreenOrientation: Difference between revisions
Jump to navigation
Jump to search
No edit summary |
Ptheriault (talk | contribs) No edit summary |
||
| Line 1: | Line 1: | ||
== Screen Orientation == | |||
Brief purpose of API: Get notification when screen orientation changes as well as lock the screen orientation | |||
General use case: Prevent screen orientation from changing when playing a game utilizing device motion. Switch screen orientation when switching between different parts of an app (i.e. from playlist to video playback). API wise, this means detecting orientation and setting/locking orientation. | |||
References: | References: | ||
| Line 5: | Line 9: | ||
*{{bug|673922}} | *{{bug|673922}} | ||
*Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/285ab0bebdad0b7d/9b7ba31dc934014f | *Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/285ab0bebdad0b7d/9b7ba31dc934014f | ||
Inherent threats: minor information leakage (device orientation), minor user inconvenience (lock device orientation) | Inherent threats: minor information leakage (device orientation), minor user inconvenience (lock device orientation) | ||
| Line 12: | Line 14: | ||
Threat severity: Low per https://wiki.mozilla.org/Security_Severity_Ratings | Threat severity: Low per https://wiki.mozilla.org/Security_Severity_Ratings | ||
== | === Permissions Table=== | ||
== | |||
{| border="1" class="wikitable" | |||
! Type | |||
! Use Cases | |||
! Authorization Model | |||
! Notes & Other Controls | |||
|- | |||
| Web Content || As per general case|| Implicit for detecting orientation, implicit for locking/setting orientation in fullscreen only || Normal content can only set/lock orientation in fullscreen. Only top-level content can set/lock. | |||
|- | |||
| Installed Web Apps || As per general case || Implicit || | |||
|- | |||
| Privileged Web Apps || As per general case || Implicit || | |||
|- | |||
| Certified Web Apps || As per general case || Implicit || | |||
|} | |||
Revision as of 04:40, 24 September 2012
Screen Orientation
Brief purpose of API: Get notification when screen orientation changes as well as lock the screen orientation
General use case: Prevent screen orientation from changing when playing a game utilizing device motion. Switch screen orientation when switching between different parts of an app (i.e. from playlist to video playback). API wise, this means detecting orientation and setting/locking orientation.
References:
- bug 720794
- bug 673922
- Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/285ab0bebdad0b7d/9b7ba31dc934014f
Inherent threats: minor information leakage (device orientation), minor user inconvenience (lock device orientation)
Threat severity: Low per https://wiki.mozilla.org/Security_Severity_Ratings
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general case | Implicit for detecting orientation, implicit for locking/setting orientation in fullscreen only | Normal content can only set/lock orientation in fullscreen. Only top-level content can set/lock. |
| Installed Web Apps | As per general case | Implicit | |
| Privileged Web Apps | As per general case | Implicit | |
| Certified Web Apps | As per general case | Implicit |