Add Document-Policy header #484
Open
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Seirdy
force-pushed
the
feat/document-policy
branch
from
12f7ed9 to
a4a87ed
Compare
thestinger
force-pushed
the
main
branch
10 times, most recently
from
f68494a to
b0b84a0
Compare
thestinger
force-pushed
the
main
branch
2 times, most recently
from
c6701d3 to
66132ef
Compare
|
@Seirdy We had to rebase the repository to fix some commit messages for a legal reason. Can you rebase this? |
This header accomplishes the following: - Forbids document.write - Forbids document.domain - Forbids use of profiling APIs - Forbids popups (similar to the overly-agressive "sandbox" CSP directive; uplifed from the deprecated Feature-Policy header) These are preffed off in Chromium as "experimental"; the only DP directive currently enabled in Chromium is "force-load-at-top". More information: - Document-Policy explainer: https://github.com/wicg/document-policy/blob/main/document-policy-explainer.md - Document-Policy specification: https://wicg.github.io/document-policy/ - Current directives supported in Chromium: https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/blink/renderer/core/permissions_policy/document_policy_features.json5 To try this out, go to "chrome://flags" and enable experimental web platform features. See implementation status at https://bugs.chromium.org/p/chromium/issues/detail?id=993790.
Seirdy
force-pushed
the
feat/document-policy
branch
from
a4a87ed to
4d9b999
Compare
thestinger
force-pushed
the
main
branch
4 times, most recently
from
35468ab to
b9f5696
Compare
thestinger
force-pushed
the
main
branch
6 times, most recently
from
de0367d to
db964d7
Compare
thestinger
force-pushed
the
main
branch
2 times, most recently
from
07c0438 to
0cb1182
Compare
thestinger
force-pushed
the
main
branch
18 times, most recently
from
0974833 to
3b0ec36
Compare
thestinger
force-pushed
the
main
branch
12 times, most recently
from
aec8fe6 to
e786b44
Compare
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
This header accomplishes the following:
directive; uplifed from the deprecated Feature-Policy header)
These are preffed off in Chromium as "experimental"; the only DP
directive currently enabled in Chromium is "force-load-at-top".
More information:
Document-Policy explainer:
https://github.com/wicg/document-policy/blob/main/document-policy-explainer.md
Document-Policy specification:
https://wicg.github.io/document-policy/
Current directives supported in Chromium:
https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/blink/renderer/core/permissions_policy/document_policy_features.json5
To try this out, go to "chrome://flags" and enable experimental web
platform features. See implementation status at
https://bugs.chromium.org/p/chromium/issues/detail?id=993790.