The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC.
Since we’ve shipped Web NFC in Chrome 89, developers have been asking for a way to “lock” NFC tags to prevent malicious users from overwriting their content. See https://github.com/w3c/web-nfc/issues/558 This operation is a one-way process and cannot be reversed. Once an NFC tag has been made read-only, it can't be written anymore. Existing Web NFC restrictions apply to makeReadOnly(): It is only available to top-level frames and secure browsing contexts (HTTPS only). Origins must first request the "nfc" permission while handling a user gesture (e.g. a button click). To then make the NFC tag read-only, the web page must be visible when the user touches an NFC tag with their device, while still handling a user gesture. The browser uses haptic feedback to indicate a tap. Access to the NFC radio is blocked if the display is off or the device is locked. When a page is placed in the background, receiving and pushing NFC content is suspended.
Specification being incubated in a Community Group
Status in Chromium
In developer trial (Behind a flag)
Consensus & Standardization
- No signal
- No signal
Intent to Prototype urlIntent to Prototype thread
Last updated on 2022-01-24