Querying all available devices using WebUSB's getDevices w/o prompt message?

Question

Just discovered the new WebUSB API which allows the application to get an access to a specific device that plugged to the user's machine.

As part of my development I want to map the user's devices (for example, show a list of attached devices by querying their VendorID and ProductID).

I have noticed that in order to query all the user's available devices I have to use following code: navigator.usb.requestDevice({filters:[]}).

This code prompts a permission message to the user, which have to enable a specific device for the session.

My question - is it possible to query the Vendor IDs and Product IDs without permission? (of course without any attempt to use the actual device, just query it).

Answer 1

No. To get access to a device, you have to use requestDevice. This is one of the central security aspects of the API. From the spec:

...This API...requires a similarly generic mechanism for preventing a malicious page from abusing a device.

The first of these protections is the requestDevice() function. The UA may display a permission prompt when this function is called. Even for a non-malicious page this action also preserves user privacy by preventing a site from connecting to a device before the user is aware that such a connection is possible.

Even the fact that the user has a given device is sensitive information your page/app should not be able to access without the user's permission.