HTTP Feature-Policy header is ignored
Reported by
sime.vi...@gmail.com,
Jul 27 2017
|
||
Issue descriptionUserAgent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:56.0) Gecko/20100101 Firefox/56.0 Steps to reproduce the problem: 1. Open https://output.jsbin.com/wubaric/quiet 2. Press the "Go fullscreen" button What is the expected behavior? The page should not go into fullscreen, since the Fullscreen API has been disabled via this header: feature-policy: { "fullscreen": [] } According to Chrome Platform Status [1], Feature Policy is now enabled in Chrome. [1]: https://www.chromestatus.com/feature/5694225681219584 What went wrong? The page went into fullscreen. Did this work before? No Does this work in other browsers? N/A Chrome version: Version 60.0.3112.78 (Official Build) (64-bit) Channel: stable OS Version: 10.0 Flash Version:
,
Jul 27 2017
The header is disabled (we elected not to ship that part) in M60; we had several long discussions about the syntax and eventually decided that to avoid burning in the JSON format if we were not going to standardize on it, we would not parse that. We're actually moving very quickly to a csp-inspired format which will apply to both the header and the <iframe allow> attribute. We're aiming for M62 support for that. I'll update chromestatus.com with the actual state-of-the-world.
,
Jul 27 2017
Thanks for the update. This bug can be closed.
,
Jul 28 2017
As per comment #3, closing this issue . Please feel free to raise a new issue if any issues faced in latest chrome channels. Thanks! |
||
►
Sign in to add a comment |
||
Comment 1 by rsleevi@chromium.org
, Jul 27 2017Components: Blink>FeaturePolicy