[webkit-dev] Request for position on Permissions-Policy header
Ian Clelland
iclelland at chromium.org
Tue Sep 29 08:14:03 PDT 2020
(Sending this from the right email address this time, hopefully)
Hi WebKit!
I'd like to ask WebKit leads for their stance on the Permissions-Policy
header (https://www.chromestatus.com/feature/5745992911552512)
Permissions Policy is the new (since
https://github.com/w3c/webappsec-permissions-policy/issues/359) name for
Feature Policy, and the Permissions-Policy header is part of that spec.
WebKit has supported Feature Policy through the <iframe allow> attribute
for some time, and the header has been designed to augment that
functionality, by allowing sites to control which origins should never be
granted use of powerful features. (Previously, the Feature-Policy header
could be used to implicitly *grant* that delegation, rather than blocking
it; that has been changed in response to developer feedback)
I'm happy to discuss this in any forum, if folks have questions.
Thanks!
Ian
Other references:
Spec: https://w3c.github.io/webappsec-permissions-policy/
Tag review: https://github.com/w3ctag/design-reviews/issues/341
Original intent to prototype in Blink:
https://groups.google.com/a/chromium.org/d/msg/blink-dev/As1ABvc2QdA/yZSpPXY4CAAJ
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.webkit.org/pipermail/webkit-dev/attachments/20200929/9a23baff/attachment.htm>
More information about the webkit-dev
mailing list