Chrome nettleser, News

One-time permissions in Chrome

With a gradual rollout from Chrome 116, we will be adding the Allow this time option to permission prompts. Our goal is to make it easier for people to use powerful web capabilities on their own terms. Allow this time will initially be available on desktop for some of the most common permissions: geolocation, camera, and microphone. Permission prompts for other capabilities and on the mobile web are unchanged for now, but may change in the future.

If you’re a site owner, review Impact and Recommendations, and try the demo.

A new UX for permissions

Permissions UX before Chrome 116

Permission prompt showing only block and allow.
Permission prompt before Chrome 116.

Users are presented with three options:

  • Allow: Persistent allow.
  • Block: Persistent block.
  • Clicking the x button: Temporary block. The site can prompt the user again later, at most three times.

Permissions can be managed via the Site controls in the address bar or via the Site settings.

Key Term

Site controls: User-facing information and controls for a site, accessible after clicking the icon in the address bar.

The site controls menu in Chrome.
Site controls in Chrome.
Key Term

Site settings: User-facing information and controls for a site. Site settings can be accessed by clicking Site settings in the Site controls menu, or via Chrome’s Settings page (chrome://settings or the Settings entry in the three-dot-menu).

New permissions UX from Chrome 116

Permission prompt with the new one-time option.
Permission prompt with the new one-time option. This is the new permission prompt on desktop for geolocation, camera, and microphone.

Users are presented with four options:

  • Allow this time: Temporary allow.
  • Allow on every visit: Persistent allow.
  • Don’t allow: Persistent block.
  • Clicking the x button: Temporary block.

When users select Allow this time, the granted permission is temporary, also referred to as one-time permission. Its duration is limited to the current ongoing interaction with a web application.

One-time permissions can be managed like other permissions, via the Site controls or Site settings.

User benefits and UX design of “Allow this time”

Allow this time provides users with:

  • Increased control. Chrome user research has shown that users often are not ready to make a persistent decision for website permissions, trying to assess if they get value in return for granting permissions. Offering a one-time Allow option accommodates this need and makes allowing access less risky.
  • More clarity. Explicit Allow this time and Allow on every visit options make it clear that one of the options is temporary, while the other one is persistent.

Chrome UX teams tested multiple layout and string variations before settling on the vertical three-button layout. User feedback indicated that a layout similar to mobile UIs provides safer outcomes and better expectation match. We think that this is partly due to users being already familiar with this pattern.

Permission prompt for an Android app.
Permission prompt for an Android app, with three options presented in vertically-stacked buttons, including a one-time permission. Source: https://developer.android.com/training/location/permissions.

One-time permissions in other browsers

On the web, one-time permissions are supported in a number of browsers, including Safari and Firefox. To see how they work on your device, experiment with https://permission.site/one-time. Make sure to try out geolocation, camera, and microphone permissions, as they may have specific behaviors.

For example:

  • In Safari 16 on desktop, geolocation is one-time by default (until next navigation). The user can opt into access being persisted for 24 hours via a checkbox.
  • In Firefox 115 on desktop, geolocation, camera and microphone permissions are one-time by default. The user can opt into persistent access via a checkbox.

One-time permissions are also built into several mobile operating systems.

Impact and recommendations

Impact of one-time permissions:

  • The introduction of one-time permissions does not impact permissions that users have previously granted persistently.
  • Once a user makes a decision on a permission prompt, then for the duration of their visit, the permission state is either granted or denied. One-time permissions make no difference in this regard.
  • However, if the user selects Allow this time, they will see a permission prompt again on their next visit.

To accommodate for one-time permissions, we recommend that site owners do the following:

Chrome removes permissions from sites users haven’t recently visited. This is independent from one-time permissions.

Best practices

Allow this time may make people more likely to grant permissions to try out capabilities, but it may also reduce their willingness to grant permanent access. This makes it even more important to follow best practices.

  • Provide the necessary context before requesting permissions. Explain to your users why they’ll benefit from a capability.
  • Requests permissions at an appropriate and expected moment. Ideally, let your users express their intention to use a certain capability at their own pace.
  • For the duration of the user’s visit, provide the same experience regardless of whether the user selected the one-time or persistent option.

Review additional guidance in Permission UX.

Expiration of one-time permissions

By default, all web permissions are bound to an origin, which can be thought of as an app of its own. With Allow this time, the user gives a one-time permission to an origin. In essence, one-time permissions expire when the user stops actively interacting with that origin for some time. This means the site can continue to use the capability if the user briefly switches to another web page in a different tab but then comes back.

In more detail, one-time permission grants expire as soon as any of the following conditions are met:

  • The page has been closed, was navigated away from, or was discarded. This includes closing Chrome.
  • 16 hours have passed since granting permission.
  • The user manually revokes the permission (for example, in Site controls), or the permission is overridden through an enterprise policy.
  • The page has been in the background for at least 5 minutes—except if the capability is allowed to run in the background, like camera or microphone. In this case, as long as the site uses the capability, Chrome shows a tab strip indicator and doesn’t start the 5-minute timer until the page stops using the capability. Note that the 16-hour timer is still running.

A user may have several tabs of the same origin open simultaneously. In that case, the expiration conditions are unchanged—you only need to replace the term “page” with “all pages from that origin”.

Background tab

A browser tab is in the background when it’s not in the foreground. A tab is in the foreground when it’s the visible tab in a browser window that is not minimized.

In Chrome, some capabilities, like geolocation, can only run in the foreground tab. They’re not allowed to run in a background tab. Others, like camera and microphone, are allowed to run in a background tab.

A screenshot of the browser window highlight an active foreground tab and inactive background tab.

Tab strip indicator

Capabilities that continue to run when the tab is in the background have a tab strip indicator.
For example, camera has a tab strip indicator.

A tab with a red dot.
The tab indicator for camera access is a red dot.

Geolocation doesn’t need a tab strip indicator, because geolocation access is paused as soon as the page is in the background.

Important

Geolocation has an address bar indicator, but no tab strip indicator.

Examples

  • Geolocation: The user is on example.com and grants one-time geolocation access. The user switches to another tab. This makes example.com a background tab. Geolocation access is paused immediately because Chrome doesn’t allow background geolocation access, but the one-time permission grant is still valid. If the user comes back to example.com within five minutes, the page can resume geolocation access (and the 5-minute expiry timer is reset). If they don’t, the one-time permission expires.
  • Camera/Microphone: The user is on example.com and grants one-time camera access. The user switches to another tab. This makes example.com a background tab. Camera access can continue because Chrome allows camera access to continue in the background. Chrome keeps displaying the tab strip indicator for camera as long as it’s in use to keep the user informed. At some point, the site may decide to stop camera access, in which case the 5-minute expiry timer starts. After 5 minutes without camera access, the one-time permission expires.

Permissions API

Caution

At the time of this writing, the Permissions API is only available for some capabilities, depending on the browser. Review the list of capabilities that are permissions-aware here, and detailed browser support here.

Browser support


  • Chrome 43, Supported


    43

  • Firefox 46, Supported


    46

  • Edge 79, Supported


    79

  • Safari 16, Supported


    16

Source

To query the status of API permissions, you can use the Permissions API:

  • If the user picks Allow this time, the Permission API status is set to granted. This means that an unexpired one-time permission and a persistent permission are indistinguishable and have the same status: granted.
  • Once the one-time permission expires, the status will be set back to prompt.
  • To observe the expiration of a one-time permission, register a PermissionStatus.onchange event handler.
Objective

Review example code here, and try the demo to observe these behaviors.

Important

Do not use the prompt state as a signal that a user is a first-time user. This has never been a reliable signal. With one-time permissions, it becomes even less reliable because prompt may now be the status of a permission that the user has previously chosen to Allow this time but has since expired. For example, because all tabs from that origin were in the background for 5 minutes.

Demo

  1. Open Chrome 116 or newer, on a desktop computer.
  2. Open chrome://flags/#one-time-permission and select Enable. Restart Chrome. This step force-enables one-time permissions in case they aren’t yet rolled out in your Chrome browser.
  3. Open https://permission.site/one-time.
  4. Click the Geolocation button.
  5. Observe the new one-time permission prompt.
  6. Pick Allow this time.
  7. Open the Site controls. Observe that you can manage the one-time permission.
  8. Close the tab for https://permission.site/one-time. Make sure that no other tab for that origin is open.
  9. Open https://permission.site/one-time in a new tab.
  10. Open the Site controls. Navigate to the Site settings.
  11. Observe that the Geolocation permission is now back to its initial state: Ask (default).

Conclusion and feedback

One-time permissions offer users more choice, and Chrome’s new permission UI brings a more consistent permission user experience across browsers and platforms.

If you encounter any issues with one-time permissions, file a new crbug issue for permission prompts.

Acknowledgements

Thanks to Rachel Andrew, Serena Chen, Balazs Engedy, Marian Harbach, Florian Jacky and Thomas Steiner for reviewing this article.

This post is also available in: Norsk bokmål

author-avatar

About Aksel Lian

En selvstendig full stack webutvikler med en bred variasjon av kunnskaper herunder SEO, CMS, Webfotografi, Webutvikling inkl. kodespråk..