For the future version of Feature Policy, it should enable complete syntax (i.e., allow granular definition of feature and on which origins it will be enabled/disabled) just like the HTTP header policy.
Update: https://github.com/WICG/feature-policy/issues/78#issuecomment-316097292
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/0adeb97efdd1fd250cd6675f69bc0aa08aee868f commit 0adeb97efdd1fd250cd6675f69bc0aa08aee868f Author: Luna Lu <loonybear@chromium.org> Date: Mon Aug 14 15:54:29 2017 Remove FrameOwnerProperties.allowed_features As container policy is constructed and passed to FrameOwner. We don't need to keep a copy of allowed_features which is used to construct container policy. Bug: 726739 Change-Id: I1681893c3e45054ebdb62c75f55d63077d74f55c Reviewed-on: https://chromium-review.googlesource.com/611083 Reviewed-by: Daniel Cheng <dcheng@chromium.org> Reviewed-by: Alex Moshchuk <alexmos@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Commit-Queue: Luna Lu <loonybear@chromium.org> Cr-Commit-Position: refs/heads/master@{#494057} [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/content/browser/site_per_process_browsertest.cc [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/content/common/frame_messages.h [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/content/common/frame_owner_properties.cc [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/content/common/frame_owner_properties.h [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/content/renderer/frame_owner_properties.cc [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/exported/LocalFrameClientImpl.cpp [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/exported/WebFrame.cpp [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/frame/FrameOwner.h [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/frame/RemoteFrameOwner.h [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/frame/WebLocalFrameImpl.cpp [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/Source/core/html/HTMLIFrameElement.h [modify] https://crrev.com/0adeb97efdd1fd250cd6675f69bc0aa08aee868f/third_party/WebKit/public/web/WebFrameOwnerProperties.h
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced commit eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced Author: Luna Lu <loonybear@chromium.org> Date: Tue Aug 29 20:20:39 2017 Support complete feature policy syntax in iframe attribute This requies update current syntax to adopt CSP syntax, for more details please refer to the doc: https://docs.google.com/document/d/1903nztB5tHN_8g_GDtNT9KkkjRAuid1eaS8kT99mlDs/edit For consistency, feature policy http header policy will also be using the same syntax. Bug: 726739 Change-Id: Iac71b7ef971b58fa1f125b13d6e472b15450cb47 Reviewed-on: https://chromium-review.googlesource.com/620948 Commit-Queue: Ian Clelland <iclelland@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Reviewed-by: Mike West <mkwst@chromium.org> Reviewed-by: Nico Weber <thakis@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/heads/master@{#498214} [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/content/test/data/allowed_frames.html [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/content/test/data/feature-policy-main.html.mock-http-headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/content/test/data/feature-policy1.html.mock-http-headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/content/test/data/feature-policy2.html.mock-http-headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/1 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/10 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/11 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/12 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/13 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/14 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/2 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/3 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/5 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/6 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/7 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/8 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/testing/libfuzzer/fuzzers/feature_policy_corpus/9 [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/external/wpt/feature-policy/resources/featurepolicy.js [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/external/wpt/payment-request/payment-allowed-by-feature-policy.https.sub.html.headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/external/wpt/payment-request/payment-disabled-by-feature-policy.https.sub.html.headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/external/wpt/webusb/usb-allowed-by-feature-policy.https.sub.html.headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/external/wpt/webusb/usb-disabled-by-feature-policy.https.sub.html.headers [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy-experimental-features/vibrate-allowed-by-container-policy-relocate-and-no-reload-expected.txt [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy-experimental-features/vibrate-disabled-expected.txt [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy-experimental-features/vibrate-disabled.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy-experimental-features/vibrate-enabledforall.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy-experimental-features/vibrate-enabledforself-expected.txt [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy-experimental-features/vibrate-enabledforself.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy/fullscreen-disabled.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy/fullscreen-enabledforall.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy/fullscreen-enabledforself.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy/payment-disabled.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy/payment-enabledforall.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/LayoutTests/http/tests/feature-policy/payment-enabledforself.php [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/BUILD.gn [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/dom/Document.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/BUILD.gn [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLFrameElement.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLFrameElement.h [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLIFrameElement.h [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLIFrameElement.idl [delete] https://crrev.com/8a50087c8ccc71c32b8544559d0841798b369c0e/third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.cpp [delete] https://crrev.com/8a50087c8ccc71c32b8544559d0841798b369c0e/third_party/WebKit/Source/core/html/HTMLIFrameElementAllow.h [delete] https://crrev.com/8a50087c8ccc71c32b8544559d0841798b369c0e/third_party/WebKit/Source/core/html/HTMLIFrameElementAllowTest.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/html/HTMLPlugInElement.h [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/core/loader/DocumentLoader.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/platform/feature_policy/FeaturePolicyFuzzer.cpp [modify] https://crrev.com/eaa2793bd5e54eb5c0d724d4160a7a572c6b7ced/third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp
At one point, I also need to update the guideline since the old syntax is not longer being supported.
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3c6772f4d5ba196165c0c3cb0352c6c2970cc482 commit 3c6772f4d5ba196165c0c3cb0352c6c2970cc482 Author: Luna Lu <loonybear@chromium.org> Date: Thu Aug 31 21:42:23 2017 Support header policy to enable features on self origin by specifying just the feature name Bug: 726739 Change-Id: Idd4c2667ed17e730b2886e472484d9b5a7ed5807 Reviewed-on: https://chromium-review.googlesource.com/646379 Commit-Queue: Luna Lu <loonybear@chromium.org> Commit-Queue: Jeremy Roman <jbroman@chromium.org> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Reviewed-by: Ian Clelland <iclelland@chromium.org> Reviewed-by: Oliver Chang <ochang@chromium.org> Cr-Commit-Position: refs/heads/master@{#499016} [add] https://crrev.com/3c6772f4d5ba196165c0c3cb0352c6c2970cc482/testing/libfuzzer/fuzzers/feature_policy_corpus/15 [modify] https://crrev.com/3c6772f4d5ba196165c0c3cb0352c6c2970cc482/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp [modify] https://crrev.com/3c6772f4d5ba196165c0c3cb0352c6c2970cc482/third_party/WebKit/Source/platform/feature_policy/FeaturePolicyTest.cpp
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/a74fa697e4fd38c64c05491f809d012d42eccb53 commit a74fa697e4fd38c64c05491f809d012d42eccb53 Author: Luna Lu <loonybear@chromium.org> Date: Fri Sep 01 12:34:45 2017 Add UseCounter for old allow attribute syntax Bug: 726739 , 761009 Change-Id: Ifd0a8e7a020e20b86fe218b607ac69a041b73ce3 Reviewed-on: https://chromium-review.googlesource.com/643759 Commit-Queue: Luna Lu <loonybear@chromium.org> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Cr-Commit-Position: refs/heads/master@{#499172} [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLFrameElement.cpp [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLFrameElement.h [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLIFrameElement.h [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/core/html/HTMLPlugInElement.h [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/third_party/WebKit/public/platform/web_feature.mojom [modify] https://crrev.com/a74fa697e4fd38c64c05491f809d012d42eccb53/tools/metrics/histograms/enums.xml
The following revision refers to this bug: https://chromium.googlesource.com/chromium/src.git/+/3fef18aadef8165283e773ccab3b5886653b4a46 commit 3fef18aadef8165283e773ccab3b5886653b4a46 Author: Ian Clelland <iclelland@google.com> Date: Thu Sep 07 16:59:41 2017 Add UseCounter for old allow attribute syntax TBR=loonybear@chromium.org (cherry picked from commit a74fa697e4fd38c64c05491f809d012d42eccb53) Bug: 726739 , 761009 Change-Id: Ifd0a8e7a020e20b86fe218b607ac69a041b73ce3 Reviewed-on: https://chromium-review.googlesource.com/643759 Commit-Queue: Luna Lu <loonybear@chromium.org> Reviewed-by: Jeremy Roman <jbroman@chromium.org> Cr-Original-Commit-Position: refs/heads/master@{#499172} Reviewed-on: https://chromium-review.googlesource.com/655226 Reviewed-by: Ian Clelland <iclelland@chromium.org> Cr-Commit-Position: refs/branch-heads/3202@{#65} Cr-Branched-From: fa6a5d87adff761bc16afc5498c3f5944c1daa68-refs/heads/master@{#499098} [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLFrameElement.cpp [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLFrameElement.h [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.cpp [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLFrameOwnerElement.h [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLIFrameElement.cpp [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLIFrameElement.h [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLIFrameElementTest.cpp [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLPlugInElement.cpp [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/core/html/HTMLPlugInElement.h [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.cpp [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/Source/platform/feature_policy/FeaturePolicy.h [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/third_party/WebKit/public/platform/web_feature.mojom [modify] https://crrev.com/3fef18aadef8165283e773ccab3b5886653b4a46/tools/metrics/histograms/enums.xml
Comment 1 by lunalu@chromium.org
, Jun 12 2017