From: <a href="https://noncombatant.github.io/permission-delegation-api/" rel="nofollo

Had an offline chat with <a class="user-mention notranslate" data-hovercard-type="user

Closing this; we broke out the various pieces of <a class="issue-link js-issue-link" d

Feature-Policy ∪ Permission Delegation ∪ Origin Trials about webappsec-permissions-policy HOT 5 CLOSED

w3c commented on July 20, 2024

Feature-Policy ∪ Permission Delegation ∪ Origin Trials

from webappsec-permissions-policy.

ojanvafai commented on July 20, 2024

I like it. I think we should flip the default for cascading though. cascade should be opt-out.

Also, we need a disable attribute on iframe as well?

from webappsec-permissions-policy.

igrigorik commented on July 20, 2024

I like it. I think we should flip the default for cascading though. cascade should be opt-out.

Also, we need a disable attribute on iframe as well?

Yep, see: #11

from webappsec-permissions-policy.

igrigorik commented on July 20, 2024

Had an offline chat with @jpchase @clelland @mkruisselbrink today. Quick summary:

The rough integration sketch in #10 (comment) sounds reasonable.
- One concern is lack of <meta> support, opened: #15.
- The algorithm that processes tokens probably shouldn't call out to Origin Trials specifically, instead just provide an extension point for other specs to hook into.
We talked about pro's and con's of hiding interfaces/methods vs throwing exceptions. Agreed that it probably makes sense to hide interfaces for cases like "disable webrtc", less clear on "disable document.cookie" and similar... Need to think about it some more.

Overall though, I think we agreed that it makes sense to explore this further.

Next step: convert #10 (comment) into a concrete proposal.

p.s. @jpchase @clelland @mkruisselbrink please chime in if I'm forgetting anything.

from webappsec-permissions-policy.