Mozilla has an implementation of feature policy now, but in discussing where to apply it, we had trouble identifying what it is for. It seems like the spec is written very generically, or - as @bzbarsky puts it - a generic mapping of string to boolean with some very specific ways on how that boolean is calculated.
The opinions the spec has with respect to the propagation of that boolean make it better suited to certain applications. The application of this to permissions is very obvious, and we think that we understand - and like - what it means for things like fullscreen or geolocation.
On the other hand, we don't understand the performance or security applications. For instance, 'sync-xhr' seems like its primary application is creating bustage in framed content.
The spec should describe more clearly what criteria are used to decide if something is a suitable subject for inclusion in a feature policy.
I think the issue of how to actually decide might be best discussed in #252. I'll add some non-normative text to the spec describing the applicability of feature policy to different types of features to close this out.