Add Document-Policy header #484

Open: wants to merge 1 commit into base: main

@Seirdy (Contributor) commented Aug 12, 2022

This header accomplishes the following:

  • Forbids document.write
  • Forbids document.domain
  • Forbids use of profiling APIs
  • Forbids popups (similar to the overly-aggressive "sandbox" CSP
    directive; uplifted from the deprecated Feature-Policy header)

These are preffed off in Chromium as "experimental"; the only DP
directive currently enabled in Chromium is "force-load-at-top".

More information:

To try this out, go to "chrome://flags" and enable experimental web
platform features. See implementation status at
https://bugs.chromium.org/p/chromium/issues/detail?id=993790.

@Seirdy Seirdy force-pushed the feat/document-policy branch from 12f7ed9 to a4a87ed Compare August 12, 2022 04:58
@thestinger thestinger force-pushed the main branch 10 times, most recently from f68494a to b0b84a0 Compare August 18, 2022 19:51
@thestinger thestinger force-pushed the main branch 2 times, most recently from c6701d3 to 66132ef Compare August 26, 2022 03:15
@thestinger (Member)

@Seirdy We had to rebase the repository to fix some commit messages for a legal reason. Can you rebase this?

This header accomplishes the following:

- Forbids document.write
- Forbids document.domain
- Forbids use of profiling APIs
- Forbids popups (similar to the overly-aggressive "sandbox" CSP
  directive; uplifted from the deprecated Feature-Policy header)

These are preffed off in Chromium as "experimental"; the only DP
directive currently enabled in Chromium is "force-load-at-top".

More information:

- Document-Policy explainer:
  https://github.com/wicg/document-policy/blob/main/document-policy-explainer.md

- Document-Policy specification:
  https://wicg.github.io/document-policy/

- Current directives supported in Chromium:
  https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/blink/renderer/core/permissions_policy/document_policy_features.json5

To try this out, go to "chrome://flags" and enable experimental web
platform features. See implementation status at
https://bugs.chromium.org/p/chromium/issues/detail?id=993790.
@thestinger thestinger force-pushed the main branch 6 times, most recently from 5e45268 to dd97da3 Compare June 20, 2025 22:57
@thestinger thestinger force-pushed the main branch 8 times, most recently from c5fb751 to 1a40892 Compare July 1, 2025 04:27
@thestinger thestinger force-pushed the main branch 8 times, most recently from 1c3d219 to c6b85a7 Compare July 9, 2025 00:21
@thestinger thestinger force-pushed the main branch 3 times, most recently from dc64083 to 7a86b76 Compare July 27, 2025 18:38
@thestinger thestinger force-pushed the main branch 5 times, most recently from 0663209 to 40cae03 Compare July 28, 2025 18:08
3 participants