>I'm wondering if more instructions on the QR code or the page for the doorbell would work better?
In general you should display a prompt explaining why a permission is needed (eg. "we need access to your camera to camera to take a picture to send to the owner, click allow on the next screen to allow."), and only ask for permissions after the user accepts the first prompt.
However in this particular case you shouldn't have to request camera access directly. Using <input type="file" accept="image/*" capture="user> will display an system interface (ie. from the browser or OS) to allow the user to take/select an existing picture. It also already has preview and front/back camera selector built in, so you don't have to implement that yourself.
If you're at the point of asking permissions, might as well grab the location data as well. You could then verify that the person hitting the QR code is actually on your front step which would eliminate all of the false positives like the replay attacks, copies being used in other locations, etc.
100% agree with explaining before asking permission.
I'll have a look at using the `capture` attribute on an input. My initial idea was to do video over webRTC, but the selfie version works okay for a first version
In general you should display a prompt explaining why a permission is needed (eg. "we need access to your camera to camera to take a picture to send to the owner, click allow on the next screen to allow."), and only ask for permissions after the user accepts the first prompt.
However in this particular case you shouldn't have to request camera access directly. Using <input type="file" accept="image/*" capture="user> will display an system interface (ie. from the browser or OS) to allow the user to take/select an existing picture. It also already has preview and front/back camera selector built in, so you don't have to implement that yourself.
https://developer.mozilla.org/en-US/docs/Web/HTML/Attributes...