Reputation: 1221
Just discovered the new WebUSB
API which allows the application to get an access to a specific device that plugged to the user's machine.
As part of my development I want to map the user's devices (for example, show a list of attached devices by querying their VendorID and ProductID).
I have noticed that in order to query all the user's available devices I have to use following code: navigator.usb.requestDevice({filters:[]})
.
This code prompts a permission message to the user, which have to enable a specific device for the session.
My question - is it possible to query the Vendor IDs and Product IDs without permission? (of course without any attempt to use the actual device, just query it).
Upvotes: 2
Views: 983
Reputation: 1075337
No. To get access to a device, you have to use requestDevice
. This is one of the central security aspects of the API. From the spec:
...This API...requires a similarly generic mechanism for preventing a malicious page from abusing a device.
The first of these protections is the
requestDevice()
function. The UA may display a permission prompt when this function is called. Even for a non-malicious page this action also preserves user privacy by preventing a site from connecting to a device before the user is aware that such a connection is possible.
Even the fact that the user has a given device is sensitive information your page/app should not be able to access without the user's permission.
Upvotes: 2