Summary: FeaturePolicy spec allows developers to enable or disable features
(browser features ad APIs) for their website and for 3rd party contexts.
FeaturePolicy consists in 3 mayor parts:

* a HTTP header with the policy, similar to CSP header
* an 'allowed' attribute for HTMLIFrameElements to define feature policies
for nested contexts.
* a WebIDL interface that allows querying the features.

My implementation covers all these 3 aspects.

Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801

Link to standard: https://wicg.github.io/feature-policy/

Platform coverage: everywhere.

Estimated or target release: I would like to enable this feature only in
nightly for a cycle after landing. This would probably be 65.

Preference behind which this will be implemented:
dom.security.featurePolicy.enabled

Is this feature enabled by default in sandboxed iframes? Yes, it is

DevTools bug: No devtools support.

Do other browser engines implement this? Chromium, since 63. Safari since
11.1 (partially - only 'allowed' attributed is supported).
web-platform-tests: There are several policy WPTs features. With my patches
we are almost green everywhere, ignoring payment API and picture-in-picture.

Is this feature restricted to secure contexts? No, it isn’t.
_______________________________________________
dev-platform mailing list
dev-platform@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-platform

Reply via email to