(Sending this from the right email address this time, hopefully)

Hi WebKit!

I'd like to ask WebKit leads for their stance on the Permissions-Policy
header (https://www.chromestatus.com/feature/5745992911552512)

Permissions Policy is the new (since
https://github.com/w3c/webappsec-permissions-policy/issues/359) name for
Feature Policy, and the Permissions-Policy header is part of that spec.

WebKit has supported Feature Policy through the <iframe allow> attribute
for some time, and the header has been designed to augment that
functionality, by allowing sites to control which origins should never be
granted use of powerful features. (Previously, the Feature-Policy header
could be used to implicitly *grant* that delegation, rather than blocking
it; that has been changed in response to developer feedback)

I'm happy to discuss this in any forum, if folks have questions.


Other references:
 Spec: https://w3c.github.io/webappsec-permissions-policy/
 Tag review: https://github.com/w3ctag/design-reviews/issues/341
 Original intent to prototype in Blink:
webkit-dev mailing list

Reply via email to