Summary: FeaturePolicy spec allows developers to enable or disable features (browser features ad APIs) for their website and for 3rd party contexts. FeaturePolicy consists in 3 mayor parts:
* a HTTP header with the policy, similar to CSP header * an 'allowed' attribute for HTMLIFrameElements to define feature policies for nested contexts. * a WebIDL interface that allows querying the features. My implementation covers all these 3 aspects. Bug: https://bugzilla.mozilla.org/show_bug.cgi?id=1390801 Link to standard: https://wicg.github.io/feature-policy/ Platform coverage: everywhere. Estimated or target release: I would like to enable this feature only in nightly for a cycle after landing. This would probably be 65. Preference behind which this will be implemented: dom.security.featurePolicy.enabled Is this feature enabled by default in sandboxed iframes? Yes, it is DevTools bug: No devtools support. Do other browser engines implement this? Chromium, since 63. Safari since 11.1 (partially - only 'allowed' attributed is supported). web-platform-tests: There are several policy WPTs features. With my patches we are almost green everywhere, ignoring payment API and picture-in-picture. Is this feature restricted to secure contexts? No, it isn’t. _______________________________________________ dev-platform mailing list dev-platform@lists.mozilla.org https://lists.mozilla.org/listinfo/dev-platform