(Sending this from the right email address this time, hopefully) Hi WebKit!
I'd like to ask WebKit leads for their stance on the Permissions-Policy header (https://www.chromestatus.com/feature/5745992911552512) Permissions Policy is the new (since https://github.com/w3c/webappsec-permissions-policy/issues/359) name for Feature Policy, and the Permissions-Policy header is part of that spec. WebKit has supported Feature Policy through the <iframe allow> attribute for some time, and the header has been designed to augment that functionality, by allowing sites to control which origins should never be granted use of powerful features. (Previously, the Feature-Policy header could be used to implicitly *grant* that delegation, rather than blocking it; that has been changed in response to developer feedback) I'm happy to discuss this in any forum, if folks have questions. Thanks! Ian Other references: Spec: https://w3c.github.io/webappsec-permissions-policy/ Tag review: https://github.com/w3ctag/design-reviews/issues/341 Original intent to prototype in Blink: https://groups.google.com/a/chromium.org/d/msg/blink-dev/As1ABvc2QdA/yZSpPXY4CAAJ
_______________________________________________ webkit-dev mailing list email@example.com https://lists.webkit.org/mailman/listinfo/webkit-dev