Bug 140208

Summary: WKUIDelegate should provide a hook for page-specific location prompts
Product: WebKit Reporter: Eugene But <eugenebut>
Component: WebKit2Assignee: Brady Eidson <beidson>
Status: RESOLVED FIXED    
Severity: Normal CC: ahmad.saleem792, dvpdiner2, stefan, stuartmorgan, u1201u, webkit-bug-importer
Priority: P2 Keywords: InRadar
Version: 528+ (Nightly build)   
Hardware: iPhone / iPad   
OS: All   
Attachments:
Description Flags
123 none

Eugene But
Reported 2015-01-07 14:18:26 PST
Summary: The WKUIDelegate methods for alerts are very useful, as it finally allows a non-hacky way of doing things like off-screen rendering (e.g., for pre-rendering a page). However, a page can still throw a page-specific location permission prompt without any hook, which means a page the user can't see might prompt them. For all the same reasons that the alert delegation exists, WKUIDelegate should also have a hook of some kind for controlling whether to show location permission prompts from individual pages. Steps to Reproduce: 1) Make a WKWebView that shouldn't display any prompts (e.g., because it's offscreen). 2) Navigate it to maps.google.com Expected Results: A location prompt that can't be prevented/handled in native code. Actual Results: Making the following WKUIDelegateMethod public is perfect solution for us: +- (bool)_webView:(WKWebView *)webView shouldRequestGeolocationAuthorizationForURL:(NSURL *)url isMainFrame:(BOOL)isMainFrame mainFrameURL:(NSURL *)mainFrameURL;
Attachments
123 (104.23 KB, text/plain)
2022-09-22 07:18 PDT, ANDY 		no flags
Details
Show Obsolete (1) View All Add attachment proposed patch, testcase, etc.
Eugene But
Comment 1 2015-01-07 16:08:14 PST
Radar ID: 17486671
Stefan Arentz
Comment 2 2015-05-12 07:22:46 PDT
+1 This would be wonderful to have for Firefox for iOS.
Stuart Morgan
Comment 3 2015-06-08 14:32:31 PDT
Note that this is a security issue, as described in rdar://21289208
ANDY
Comment 4 2022-09-22 07:18:03 PDT Comment hidden (spam)
Stefan Arentz
Comment 5 2022-09-22 09:25:22 PDT
The attachment that just was posted got my hopes up but unfortunately it is spam or maybe something malicious. Beware.
Darryl Pogue
Comment 6 2024-04-26 02:00:40 PDT
The newer version of this API would be WKUIDelegate's private `_webView:requestGeolocationPermissionForOrigin:initiatedByFrame:decisionHandler:` SPI method. - (void)_webView:(WKWebView *)webView requestGeolocationPermissionForOrigin:(WKSecurityOrigin*)origin initiatedByFrame:(WKFrameInfo *)frame decisionHandler:(void (^)(WKPermissionDecision decision))decisionHandler WK_API_AVAILABLE(macos(12.0), ios(15.0)); This matches the similar API methods publicly available on WKUIDelegate for handling media capture and device orientation permission prompts.
Darryl Pogue
Comment 7 2024-04-26 02:16:29 PDT
Since this involves public API, I've also submitted it through Feedback Assistant as FB13756330
Darryl Pogue
Comment 8 2024-08-18 19:09:48 PDT
Pull request: https://github.com/WebKit/WebKit/pull/32370
Brady Eidson
Comment 9 2026-02-11 15:53:18 PST
<rdar://problem/127103852>
Brady Eidson
Comment 10 2026-02-11 16:13:33 PST
Pull request: https://github.com/WebKit/WebKit/pull/58447
EWS
Comment 11 2026-02-11 18:49:54 PST
Committed 307331@main (512a6e328b7f): <https://commits.webkit.org/307331@main> Reviewed commits have been landed. Closing PR #58447 and removing active labels.
Note You need to log in before you can comment on or make changes to this bug.