The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC.

Motivation

Since we’ve shipped Web NFC in Chrome 89, developers have been asking for a way to “lock” NFC tags to prevent malicious users from overwriting their content. See https://github.com/w3c/web-nfc/issues/558 This operation is a one-way process and cannot be reversed. Once an NFC tag has been made read-only, it can't be written anymore. Existing Web NFC restrictions apply to makeReadOnly(): It is only available to top-level frames and secure browsing contexts (HTTPS only). Origins must first request the "nfc" permission while handling a user gesture (e.g. a button click). To then make the NFC tag read-only, the web page must be visible when the user touches an NFC tag with their device, while still handling a user gesture. The browser uses haptic feedback to indicate a tap. Access to the NFC radio is blocked if the display is off or the device is locked. When a page is placed in the background, receiving and pushing NFC content is suspended.

Specification

Specification link


Specification being incubated in a Community Group

Status in Chromium

Blink>NFC


In developer trial (Behind a flag) (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • Positive

Owner

Intent to Prototype url

Intent to Prototype thread

Last updated on 2022-01-24