LGTM2 On 8/18/25 2:21 p.m., Alex Russell wrote:
LGTM1On Thursday, August 14, 2025 at 1:43:48 PM UTC-7 Chromestatus wrote: Contact emails pcho...@google.com Explainer https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md <https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md> Specification https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md <https://github.com/WICG/WebApiDevice/blob/main/DeviceAttributesPermissionsPolicyExplainer.md> Summary The new Permissions Policy enables restricting access to the Device Attributes API, which is available only for policy-installed kiosk web apps and policy-installed Isolated Web Apps, both only on managed ChromeOS devices. Additionally, the feature is controlled by content settings. 2 new policies are introduced: DeviceAttributesBlockedForOrigins and DefaultDeviceAttributesSetting, to complement the introduced earlier DeviceAttributesAllowedForOrigins. The feature is enabled by default for the supported scenarios described above. Blink component Blink>Managed <https://issues.chromium.org/issues?q=customfield1222907:%22Blink%3EManaged%22> TAG review TAG declined to review the original implementation of Device Attributes API, and this is an incremental change to it. TAG review status Not applicable Risks Interoperability and Compatibility The Isolated Web Apps that used the Device Attributes API will now need to declare the usage of the API in the permissions_policy section in the manifest. The API launched only in ChromeOS Kiosk mode and there are no known IWAs using the API though. /Gecko/: No signal /WebKit/: No signal /Web developers/: No signals /Other signals/: WebView application risks Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications? The API which the feature is related to is not available in WebView. It is available only for policy installed web applications on managed ChromeOS devices. Debuggability The Device Attributes API can be called from the DevTools console. This feature changes the availability of the API, so either a result of the call or an error can be seen from DevTools. Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, ChromeOS, Android, and Android WebView)? No The Device Attributes API is available only on ChromeOS, so this feature is supported on ChromeOS only as well. Is this feature fully tested by web-platform-tests <https://chromium.googlesource.com/chromium/src/+/main/docs/testing/web_platform_tests.md>? No Flag name on about://flags None Finch feature name DeviceAttributesPermissionPolicy Rollout plan Will ship enabled for all users Requires code in //chrome? True Availability expectation Feature is available only in ChromeOS browsers for the foreseeable future. Adoption expectation Feature will be used by Web App developers for Kiosk and other managed apps, especially Virtual Desktop Infrastructure clients on ChromeOS as a part of migration from ChromeApps to Isolated Web Apps and PWAs within 12 months of launch in Chrome. Adoption plan The already existing setting for kiosk applications in Google Admin Console will be moved to Content Settings. It'll also enable using the API in managed Isolated Web Apps, as opposed to current support for Kiosk mode PWAs. Non-OSS dependencies Does the feature depend on any code or APIs outside the Chromium open source repository and its open-source dependencies to function? Yes. Policy for managed devices is used to control apps that can access this API. For example, after the launch navigator.managed.getAnnotatedAssetId will be defined for 'trusted' origins (kiosk or force-installed Isolated Web Apps), but it will return an error if origin is blocked in 'DeviceAttributesBlockedForOrigins' policy. Estimated milestones Shipping on desktop 141 DevTrial on desktop 140 Anticipated spec changes Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way). Spec was changed in the following pull request https://github.com/WICG/WebApiDevice/pull/27 <https://github.com/WICG/WebApiDevice/pull/27> Link to entry on the Chrome Platform Status https://chromestatus.com/feature/4843520522977280?gate=5129685195030528 <https://chromestatus.com/feature/4843520522977280?gate=5129685195030528> Links to previous Intent discussions Intent to Prototype: https://groups.google.com/a/chromium.org/d/msgid/blink-dev/684c1f97.170a0220.aedbe.04cd.GAE%40google.com <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/684c1f97.170a0220.aedbe.04cd.GAE%40google.com> Ready for Trial: https://groups.google.com/a/chromium.org/g/blink-dev/c/O0sTtPbIJzY <https://groups.google.com/a/chromium.org/g/blink-dev/c/O0sTtPbIJzY> This intent message was generated by Chrome Platform Status <https://chromestatus.com>. --You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b07f557c-f8d8-4d48-ad43-fe8b14204b3fn%40chromium.org <https://groups.google.com/a/chromium.org/d/msgid/blink-dev/b07f557c-f8d8-4d48-ad43-fe8b14204b3fn%40chromium.org?utm_medium=email&utm_source=footer>.
-- You received this message because you are subscribed to the Google Groups "blink-dev" group. To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscr...@chromium.org. To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/57c14e74-f3cd-4e19-aeb8-ea70607c1355%40chromium.org.
