← Back to release summary

Permissions Policy for Web Bluetooth API

Category

Security

Type

New or changed feature

Status

Enabled by default (Chrome 104)

Intent stage

Shipped

Summary

Integrates the Web Bluetooth API with Permissions Policy, which should be identified by the "bluetooth" token. The Web Bluetooth API allows webpages to communicate with devices over Bluetooth. However, this API is not allowed to be used from cross-origin iframes. This integration enables this scenario while providing protection against unwanted access to Bluetooth capabilities, which requires the top-level document to explicitly allow a cross-origin iframe to use the API's methods.

Standards & signals

• Specification: https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy
• Firefox: Negative — Gecko is opposed to the Web Bluetooth API, so it is unlikely that they will have a different opinion on this incremental change.
• Safari: Negative — WebKit is opposed to the Web Bluetooth API, so it is unlikely that they will have a different opinion on this incremental change.
• Web developers: Positive
• Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=518042

Explainers: https://webbluetoothcg.github.io/web-bluetooth/#permissions-policy

View on chromestatus.com