Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Using Bluetooth from WebExtension #612

Open
eqvinox opened this issue Sep 18, 2023 · 1 comment
Open

Using Bluetooth from WebExtension #612

eqvinox opened this issue Sep 18, 2023 · 1 comment

Comments

@eqvinox
Copy link

eqvinox commented Sep 18, 2023

Are there any plans to make WebBluetooth usable from a browser add-on? (I'm not enough of a web developer to know if this is "automatic" or needs additional specification work…)

Speaking as someone currently building a BLE device, I have to agree with Mozilla's position that WebBluetooth is too much of a security and privacy risk to roll out. In particular, I don't have enough hubris to believe my webpage won't ever have XSS issues (thus yielding BT control over my device to malicious 3rd parties), and neither do I really want a low barrier to other websites talking to my devices.

From a user perspective, much of the same applies, I wouldn't ever feel comfortable granting BT permissions to any website. I also believe this pattern to be harmful to less technically inclined people — granting permissions to a website is a much lower psychological bar of trust than installing an application. I've seen "number of clicks" argued in other issues. 2 clicks in a browser are not the same as 2 clicks in an app store (or even the browser's extension manager.)

As such, I'd rather create a browser extension to support my devices; the extension can then control and expose a limited interface to some websites. This also has the advantage of having a review and update process, and allows (if properly designed) moving blocklist from browser updates to the extension "store". It's quite simply a useful additional layer of security (and privacy.)

Any comments? Was this previously discussed anywhere? (Didn't find anything…)
@reillyeon
Copy link
Contributor

Web Bluetooth is supported in extensions in Chromium-based browsers. In general isn't anything special the specification needs to do to be available in that context. I am not aware of any plans for another browser engine to support this API specifically in extensions but I think it's a great idea to mitigate the perceived risk.

The exception to that is that in Chromium we've recently shipped support for WebHID and WebUSB in Service Workers, but only for extensions, given that we aren't comfortable with any site being able to communicate with a device in the background, but background operation is typical for extensions. If an extension developer wanted to use Web Bluetooth from a Service Worker the specification would need to be updated to describe how the API behaves in that context as the specification currently only covers usage from a document.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@reillyeon @eqvinox