New issue
Advanced search Search tips
Note: Color blocks (like or ) mean that a user may not be available. Tooltip shows the reason.

Issue 666767 link

Starred by 5 users

Issue metadata

Status: Fixed
Last visit > 30 days ago
Closed: Aug 2017
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac
Pri: 1
Type: Feature

issue 779691
issue 670502

Sign in to add a comment

Feature Policy: Support WebVR API

Project Member Reported by, Nov 18 2016

Issue description

Add support for the "webvr" feature in Feature Policy.

The feature hasn't been defined yet in FeaturePolicy.cpp. It should be defined there, and checked before allowing the use of Document.getVRDisplays.

(Check with VR team about whether any other calls need to be blocked; that is the only one mentioned in the spec under the "allowvr" iframe attribute)

If not allowed by policy, the call to getVRDisplays should return a rejected promise.

Labels: Proj-VR
WebVR issue:

Comment 2 by, Nov 24 2016

To clarify, you mean having a Chrome policy that can be used to disable WebVR support?
Feature Policy refers to*, which is a mechanisms for apps/servers to control whether features are enabled, including on embedded iframes.

* See the explainer - the spec is out of date.
+1 to everything ddorwin@ said :)

FP GitHub issue:

This will hopefully be able to replace the "allowvr" iframe attribute with a more configurable policy that can be set by ancestor frames.

This Chromium issue is to implement the linkage between the feature policy code and the WebVR code, to actually deny access to the API in cases where the policy says it should be disabled.

(Sorry if that means the Component is misleading; I've put out a request for a Blink>FeaturePolicy component, but it's not there yet)
Blocking: 670502
Labels: -OS-Linux -OS-Android -OS-Windows -OS-Chrome -OS-Mac OS-All
I had left iOS out of the OS list, since FeaturePolicy is a Blink-specific feature. I'm not certain that we'll be able to support iOS.
Components: Blink>FeaturePolicy
Blocking: -623682
Labels: -OS-All -Feature-Policy Feature-Policy-V2 OS-Android OS-Chrome OS-Linux OS-Mac OS-Windows
Not blocking launch; slated for V2
Labels: -Pri-3 M-62 Pri-2
iclelland: We'd like to start requiring this in the next update to WebVR, which would be in M62. Is there anything on the Feature Policy side that would block this?
Labels: Type-Feature
Labels: -Pri-2 Pri-1

Comment 13 by, Aug 14 2017

Status: Assigned (was: Available)
Project Member

Comment 14 by, Aug 30 2017

The following revision refers to this bug:

commit 36e485aae6fcb3231843941f750df0428bcb401d
Author: Biao She <>
Date: Wed Aug 30 23:52:38 2017

Add vr feature policy

This CL enables vr feature policy. So that, if you want to disable vr within
your application, you can delivering the following HTTP response header:
Feature-Policy: vr 'none'
If you want to enable vr for all frames(including cross-origin iframes),
delivering this:
Feature-Policy: vr *
If you want to enable vr just for your own origin, delivering this:
Feature-Policy: vr 'self'

To request vr for iframes, you can
<iframe src="" allow="vr"></iframe> to grant vr to this iframe.

Bug:  666767 
Change-Id: I48d7accf8553d6a9ac19d9f41dbbce2ff9934579
Reviewed-by: Ian Vollick <>
Reviewed-by: Michael Thiessen <>
Reviewed-by: Daniel Cheng <>
Reviewed-by: Brandon Jones <>
Reviewed-by: Ian Clelland <>
Commit-Queue: Biao She <>
Cr-Commit-Position: refs/heads/master@{#498674}

Comment 15 by, Aug 31 2017

Status: Fixed (was: Assigned)
Blocking: 779691
Components: Blink>WebXR

Sign in to add a comment