Feature Policy is properly associated with a document, rather than a frame. The methods which currently exist on Frame and LocalFrame should be moved to SecurityContext and Document as necessary.
(From crrev.com/c/1241194:)
I think the methods were on Frame originally so that remote frames could be queried as easily as localframes, but a) that has mostly not happened, and b) RemoteSecurityContext works just as well for that use case if necessary.
FP is defined as being a property of Documents in the spec now; using SecurityContext makes sense:
- As a parent class of Document
- It's the location of the policy object in memory already
- It will make it easier in the future to extend this to non-document contexts, such as workers.
Comment 1 by iclell...@chromium.org
, Sep 25