Web NFC: NDEFReader makeReadOnly() - Chrome Platform Status

Feature: Web NFC: NDEFReader makeReadOnly()

The NDEFReader makeReadOnly() method allows web developers to make NFC tags permanently read-only with Web NFC.

Motivation

Since we’ve shipped Web NFC in Chrome 89, developers have been asking for a way to “lock” NFC tags to prevent malicious users from overwriting their content. See https://github.com/w3c/web-nfc/issues/558 This operation is a one-way process and cannot be reversed. Once an NFC tag has been made read-only, it can't be written anymore. Existing Web NFC restrictions apply to makeReadOnly(): It is only available to top-level frames and secure browsing contexts (HTTPS only). Origins must first request the "nfc" permission while handling a user gesture (e.g. a button click). To then make the NFC tag read-only, the web page must be visible when the user touches an NFC tag with their device, while still handling a user gesture. The browser uses haptic feedback to indicate a tap. Access to the NFC radio is blocked if the display is off or the device is locked. When a page is placed in the background, receiving and pushing NFC content is suspended.

Specification

Specification link

Status: Specification being incubated in a Community Group

Status in Chromium

Blink components: Blink>NFC

Implementation status: In developer trial (Behind a flag) (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: No signal
Safari: No signal
Web Developers: Positive

Owner

fbeaufort@google.com

Intent to Prototype url

Intent to Prototype thread

Last updated on 2022-01-24