WebAPI/Security/ScreenOrientation
From MozillaWiki
Screen Orientation
Brief purpose of API: Get notification when screen orientation changes as well as lock the screen orientation
General use case: Prevent screen orientation from changing when playing a game utilizing device motion. Switch screen orientation when switching between different parts of an app (i.e. from playlist to video playback). API wise, this means detecting orientation and setting/locking orientation.
References:
- bug 720794
- bug 673922
- Security Discussion: https://groups.google.com/group/mozilla.dev.webapps/browse_thread/thread/285ab0bebdad0b7d/9b7ba31dc934014f
Inherent threats: minor information leakage (device orientation), minor user inconvenience (lock device orientation)
Threat severity: Low per https://wiki.mozilla.org/Security_Severity_Ratings
Permissions Table
| Type | Use Cases | Authorization Model | Notes & Other Controls |
|---|---|---|---|
| Web Content | As per general case | Implicit for detecting orientation, implicit for locking/setting orientation in fullscreen only | Normal content can only set/lock orientation in fullscreen. Only top-level content can set/lock. |
| Installed Web Apps | As per general case | Implicit | |
| Privileged Web Apps | As per general case | Implicit | |
| Certified Web Apps | As per general case | Implicit |
