Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Replace Feature Policy integration with Document Policy #296

Open
clelland opened this issue Nov 6, 2020 · 0 comments
Open

Replace Feature Policy integration with Document Policy #296

clelland opened this issue Nov 6, 2020 · 0 comments

Comments

@clelland
Copy link
Contributor

clelland commented Nov 6, 2020

Following the discussion in w3c/webappsec-permissions-policy#410, it seems that there is interest in replacing the existing integration with Feature Policy with a similar Document Policy integration.

The largest difference between the two is that a document policy in one frame does not necessarily affect its embedded content; the parent can switch off synchronous XHR for itself, while allowing its children to make the same decision on their own. Document Policy does define a mode by which child frames can be required to disable sync-xhr, but this requires an explicit opt in by the embedded document, and is not simply imposed by the embedder, as it is with Feature Policy.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@clelland