-
Notifications
You must be signed in to change notification settings - Fork 155
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Architecture discussion: Permissions #298
Comments
To be clear, I do think that there is room here to include things which are not strictly permissions, but behave in the same way as permission delegation (available to top-level documents, requiring the developer to delegate across origin boundaries in nested frames) That would include things like The critical thing is that there is a well-defined (and expected) failure mode for web developers. This is probably not suitable for APIs which can reasonably be expected to never fail, since there is no explicit opt-in. Permissions fit this model, as does fullscreen, as well as new APIs which were designed to be restricted in third parties. |
Another thing which isn't a permission is the ability to autoplay media, listed in #296. It does meet the "well-defined (and expected) failure mode for web developers" criteria. |
With a default allowlist of |
If we can do it, standardizing on a universal allowlist of |
wrt the orig post's bulleted list of five proposed behavioral facets for "powerful features and permisions" (PFAP?), I'm curious wrt #4 & #5:
Those two statements seem to be in conflict to me: #4 is saying "if something is turned off in a browsing context, it can't be turned on in a child browsing context no how, period", and then #5 is saying (to me anyway), "no worries, just issue a Perhaps this apparent impedance mismatch is un-intended, or I'm misreading? |
The header would have to be set on the parent with a policy that would permit descendants (equivalent to the |
@equalsJeffH, I guess that wording was confusing. What I mean there is more like this (written here as three separate scenarios):
|
Ok, thanks for explanation, its clear now. So those items 1, 2, 3, replace bullets (4) & (5) in the orig post? |
If I were going to replace them, I might say:
(To avoid switching from declarative statements to story-telling mode, at least) |
WRT the name "permission features", I suggest using something other than the latter because of confusion with the Permissions spec spec and "permissions" in general. The Permissions spec uses the terms "powerful feature" and "feature" to refer to the named things that
I'm thinking I'd refer to the sort of features you are presently terming "Permission features" (in the first bullet in the orig post) as simply "powerful features", link that term to the definition in Permissions spec, and while also noting that not all powerful features have a |
FWIW, I wouldn't take what the Permission specification says today as golden. We can change it to be more precise and fit better with what we're trying to enable here (or even merge them, which is what I'd personally like to see for the |
@annevk wrote
OK.
Yeah, that's an interesting idea. |
As mentioned in https://github.com/w3c/webappsec-feature-policy/issues/282#issuecomment-486267212, there's interest in splitting different types of policies out into different pieces of FP. I'm going to try to define the 'permissions' piece here, and leave the other two to their own issues. This issue can become the central bikeshed for that behaviour.
That said, of the three, permissions require the least deviation from the existing FP spec.
<iframe allow>
attribute can be used to change this, to decline an otherwise-granted permission, or to enable an otherwise blocked permission in a child frame (as currently specced by FP)The text was updated successfully, but these errors were encountered: