Even then, notification permission should not be requested without some sort of prior input from the user. A simple red bell icon with the hover text "enable notifications" would work so much better than the user being assaulted with the dialogue box right away.
It really is a shame to see how terribly these permission requests have been abused, especially by news sites. I see this is a push for engagement by management, and not sufficient pushback from developers against this dark pattern.
This is not a difficult feature to implement well, and we should know how to do it properly after years of mobile permission request design.
Yeah, it should require user interaction to trigger the prompt. In fact, some of the better websites do this already.
This should be the same for nearly everything, like:
- playing video/audio automatically
- location access
- direct GPU access
In fact, it would probably make sense to include all scripting (JavaScript and WebAssembly).
To make this suck less, the website should be able to request multiple permissions at once, with each permission able to be granted individually and websites able to put a short reason why each is being requested. Those permissions should show up in an easy-to-use menu for each site, like the TLS info button. Perhaps that same menu is the only way to enable/disable, so no popups, and all permissions are disabled by default.
Pokémon Showdown uses it for both – telling you your opponent moved, and message notifications when used as a chat app.
It doesn't ask for the permission until you start a game or send a private message, though. I think the original version of the spec required an interaction before the permission prompt when I implemented it – I'm surprised the restriction was removed.
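
The pattern discussed in this thread (a bell icon, or the first game or private message, triggering the prompt instead of page load), sketched as an added example that is not part of any comment above. The names `createNotificationGate`, `bellState`, `onUserAction` and `fakeNotification` are hypothetical; in a browser you would pass the real `Notification` object and call `onUserAction` from a click handler.

```javascript
// Gate the notification prompt behind an explicit, trusted user action.
// `notificationApi` is the browser's `Notification` in production; it is
// injected (assumption) so the logic can also be exercised outside a browser.
function createNotificationGate(notificationApi) {
  let asked = false; // prompt at most once per page load

  // What the bell icon should show. Reading this never triggers a prompt.
  function bellState() {
    if (!notificationApi) return "hidden"; // API unavailable
    switch (notificationApi.permission) {
      case "granted": return "on";
      case "denied": return "blocked"; // only the browser's site settings can undo this
      default: return asked ? "hidden" : "offer"; // dismissed once: stop offering
    }
  }

  // Call only from a click/keypress handler, passing the DOM event through.
  async function onUserAction(event) {
    if (!notificationApi) return "unsupported";
    // Events dispatched by script have isTrusted === false; do not prompt on them.
    if (!event || event.isTrusted !== true) return "ignored";
    // Already decided: never re-prompt a user who said yes or no.
    if (notificationApi.permission !== "default") return notificationApi.permission;
    if (asked) return "default"; // dismissed earlier in this page load
    asked = true;
    return await notificationApi.requestPermission();
  }

  return { bellState, onUserAction };
}

// Constructed stand-in for the browser API, to run the gate offline.
// `answer` is what the simulated user picks in the prompt.
function fakeNotification(answer) {
  const api = {
    permission: "default",
    calls: 0, // how many times the prompt was actually shown
    requestPermission() {
      api.calls += 1;
      api.permission = answer;
      return Promise.resolve(answer);
    },
  };
  return api;
}
```
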