johannhof
commented
3 years ago @hober @johnwilander I'll merge this, let me know if you still have any concerns and we can figure those out in follow-ups
Closed johannhof closed 3 years ago
johannhof
commented
3 years ago @hober @johnwilander I'll merge this, let me know if you still have any concerns and we can figure those out in follow-ups
This is a first stab at integrating permissions policy and support nested iframes in the spec, see #10 and #12 . A few notes:
"request-storage-access"). It's important to note that this policy only controls requesting storage access, it does not tell user agents with persistent/passive storage (see #2) how to behave if anallow=noneattribute was added after an iframe received storage access."*"default allowlist which @annevk intended to deprecate. We went back and fort on this but ultimately"*"captures the reality of current implementations best, especially considering that WebKit does not have PP support (and thus implictly default to"*") for the time being. If we had started from scratch on this then maybe"self"would have been the best option, but personally I don't see that happening without WebKit support. Let me know if anyone disagrees.