WebAPI/Security/ScreenOrientation: Difference between revisions

From MozillaWiki
Jump to navigation Jump to search
No edit summary
No edit summary
 
Line 30: Line 30:
| Certified Web Apps ||  As per general case || Implicit ||
| Certified Web Apps ||  As per general case || Implicit ||
|}
|}
[[Category:Web APIs]]
[[Category:Security]]

Latest revision as of 23:41, 1 October 2014

Screen Orientation

Brief purpose of API: Get notification when screen orientation changes as well as lock the screen orientation

General use case: Prevent screen orientation from changing when playing a game utilizing device motion. Switch screen orientation when switching between different parts of an app (i.e. from playlist to video playback). API wise, this means detecting orientation and setting/locking orientation.

References:

Inherent threats: minor information leakage (device orientation), minor user inconvenience (lock device orientation)

Threat severity: Low per https://wiki.mozilla.org/Security_Severity_Ratings

Permissions Table

Type Use Cases Authorization Model Notes & Other Controls
Web Content As per general case Implicit for detecting orientation, implicit for locking/setting orientation in fullscreen only Normal content can only set/lock orientation in fullscreen. Only top-level content can set/lock.
Installed Web Apps As per general case Implicit
Privileged Web Apps As per general case Implicit
Certified Web Apps As per general case Implicit