Bug 140208

Summary: WKUIDelegate should provide a hook for page-specific location prompts
Product: WebKit Reporter: Eugene But <eugenebut>
Component: WebKit2Assignee: Nobody <webkit-unassigned>
Status: NEW ---    
Severity: Normal CC: ahmad.saleem792, dvpdiner2, stefan, stuartmorgan, u1201u
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: All   
Attachments:
Description Flags
123 none

Description Eugene But 2015-01-07 14:18:26 PST 
Summary:
The WKUIDelegate methods for alerts are very useful, as it finally allows a non-hacky way of doing things like off-screen rendering (e.g., for pre-rendering a page). However, a page can still throw a page-specific location permission prompt without any hook, which means a page the user can't see might prompt them.

For all the same reasons that the alert delegation exists, WKUIDelegate should also have a hook of some kind for controlling whether to show location permission prompts from individual pages.

Steps to Reproduce:
1) Make a WKWebView that shouldn't display any prompts (e.g., because it's offscreen).
2) Navigate it to maps.google.com

Expected Results:
A location prompt that can't be prevented/handled in native code.

Actual Results:
Making the following WKUIDelegateMethod public is perfect solution for us:
+- (bool)_webView:(WKWebView *)webView shouldRequestGeolocationAuthorizationForURL:(NSURL *)url isMainFrame:(BOOL)isMainFrame mainFrameURL:(NSURL *)mainFrameURL;
Comment 1 Eugene But 2015-01-07 16:08:14 PST 
Radar ID: 17486671
Comment 2 Stefan Arentz 2015-05-12 07:22:46 PDT 
+1 This would be wonderful to have for Firefox for iOS.
Comment 3 Stuart Morgan 2015-06-08 14:32:31 PDT 
Note that this is a security issue, as described in rdar://21289208
Comment 4 ANDY 2022-09-22 07:18:03 PDT Comment hidden (spam)
Comment 5 Stefan Arentz 2022-09-22 09:25:22 PDT 
The attachment that just was posted got my hopes up but unfortunately it is spam or maybe something malicious. Beware.
Comment 6 Darryl Pogue 2024-04-26 02:00:40 PDT 
The newer version of this API would be WKUIDelegate's private `_webView:requestGeolocationPermissionForOrigin:initiatedByFrame:decisionHandler:` SPI method.

- (void)_webView:(WKWebView *)webView requestGeolocationPermissionForOrigin:(WKSecurityOrigin*)origin initiatedByFrame:(WKFrameInfo *)frame decisionHandler:(void (^)(WKPermissionDecision decision))decisionHandler WK_API_AVAILABLE(macos(12.0), ios(15.0));

This matches the similar API methods publicly available on WKUIDelegate for handling media capture and device orientation permission prompts.
Comment 7 Darryl Pogue 2024-04-26 02:16:29 PDT 
Since this involves public API, I've also submitted it through Feedback Assistant as FB13756330