New issue
Advanced search Search tips

Issue 750259 link

Starred by 2 users
Status: Fixed
Owner:
loonyb...@chromium.org
Closed: Jan 2018
Cc:
iclell...@chromium.org
Components:
EstimatedDays: ----
NextAction: ----
OS: Linux , Android , Windows , Chrome , Mac , Fuchsia
Pri: 2
Type: Feature

Blocked on:
issue 726739


Sign in to add a comment

Update Feature-Policy header syntax

Project Member Reported by iclell...@chromium.org, Jul 28 2017 
We want to implement the new (csp-based) header syntax for the Feature-Policy HTTP header.

So, rather than the JSON:

Feature-Policy: {"fullscreen": ["*"], "usb": [], "payment": ["self", "https://payment.example.com"]}

we would accept

Feature-Policy: fullscreen "*"; usb "none"; payment "self" https://payment.example.com

This should reuse as much of the existing CSP parser as possible, and should end up being the same parser used for the <iframe allow> attribute.

Comment 1 by loonyb...@chromium.org, Jul 31 2017

Cc: lunalu@chromium.org

Comment 2 by loonyb...@chromium.org, Jul 31 2017

Blockedon: 726739
Cc: -lunalu@chromium.org loonyb...@chromium.org
Iframe "allow" attribute is also adapting the new syntax. Both header policy and container policy will be using CSP parser, so the work can be either in parallel or one after another.

Comment 3 by craig.fr...@gmail.com, Sep 18 2017 

Could the spec be updated:

https://wicg.github.io/feature-policy/

Kind of important, considering Chrome 62 will be stable on the 17th October :-)

Comment 4 by loonyb...@chromium.org, Sep 19 2017

Cc: -loonyb...@chromium.org iclell...@chromium.org
Owner: loonyb...@chromium.org
Hi Ian, if I recall correctly, you are working on updating the spec right?

Thanks

Comment 5 by loonyb...@chromium.org, Sep 19 2017 

FYI, the new header syntax has already been updated. But spec yet needs to be updated.

Comment 6 by loonyb...@chromium.org, Nov 27 2017

Status: Started (was: Available)

Comment 7 by loonyb...@chromium.org, Jan 3 2018

Status: Fixed (was: Started)

Sign in to add a comment