w3c / webappsec-permissions-policy

A mechanism to selectively enable and disable browser features and APIs
https://w3c.github.io/webappsec-permissions-policy/

"If the allowlist contains an origin representing self" is unclear #520

Closed (annevk closed 1 year ago)

annevk commented 1 year ago

I think I kinda understand what this means, but this should be more explicit in some way.

clelland commented 1 year ago

I wasn't sure if the new text was clear enough -- from 4.7, allowlists can have "up to two additional origins (one representing self and one representing src)."

Maybe it would be better to define two additional optional members on allowlist: one for an origin representing self and one for an origin representing src, and then refer to those by name.

clelland commented 1 year ago

Mentioned on the PR earlier: https://github.com/w3c/webappsec-permissions-policy/pull/516#issuecomment-1584733654

@arichiv FYI