Contact emails
icle...@chromium.org, lun...@chromium.org
Spec
Feature policy spec is at https://wicg.github.io/feature-policy; Pull request for this API is at https://github.com/WICG/feature-policy/pull/184; Proposed spec (with this update merged) is at https://drafts.featurepolicy.rocks/add-introspection/.
Summary
This change adds an interface to inspect the current feature policy in a document, as well as to see what policy would be applied to an iframe in that document. (See overview at https://drafts.featurepolicy.rocks/add-introspection/#introspection-overview as well)
Developers can use this to ask questions like:
What features are currently enabled?
What origins will automatically inherit access to these features?
If I create an iframe, what features will it have enabled?
Link to “Intent to Implement” blink-dev discussion
Um… it looks like that wasn't sent out :(
Goals for experimentation
Is the .policy API the right shape, or is it awkward to use?
Are the arrays of strings which it returns useful for developers to understand the policies which their pages are operating under?
Is the iframe.policy interface intuitive enough, given its restrictions on cross-origin information leakage? Is it useful?
Does the API provide enough information for developers, or are there additional things we could surface to make this more useful?
Since most of these goals cannot be measured directly, we're going to be relying heavily on feedback from developers, through very specific questions on the feedback form, as well as reaching out directly to developers who will agree to be contacted.
Experimental timeline
M69 - M71 (Expected end: Late November 2018)
Any risks when the experiment finishes?
Sites which have been built to depend on this functionailty may stop working, although I expect that sites will try to detect the presence of the document.policy attribute, and assume when it is not available, that the browser just does not support feature policy. In that case, they will continue to work as well as they do on other browsers, and can continue to use traditional feature detection for the actual features they are using.
Ongoing technical constraints
None.
Debuggability
Having this feature available enables the awesome and amazing DevTools extension by Eric Bidelman for inspecting policies, which currently requires users to enable this API by flag.
Will this feature be supported on all five Blink platforms supported by Origin Trials (Windows, Mac, Linux, Chrome OS, and Android)?
Yes.
Link to entry on the feature dashboard
https://www.chromestatus.com/feature/5190687460950016
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAK_TSXJfW_89gk0HOKgCsMUCHJOr3%2B3s0yx0%2BL9%2Bh5deo2P25A%40mail.gmail.com.
LGTMOn Thu, Jul 19, 2018 at 8:30 AM Ian Clelland <icle...@chromium.org> wrote:Contact emails
icle...@chromium.org, lun...@chromium.org
Spec
Feature policy spec is at https://wicg.github.io/feature-policy; Pull request for this API is at https://github.com/WICG/feature-policy/pull/184; Proposed spec (with this update merged) is at https://drafts.featurepolicy.rocks/add-introspection/.
Summary
This change adds an interface to inspect the current feature policy in a document, as well as to see what policy would be applied to an iframe in that document. (See overview at https://drafts.featurepolicy.rocks/add-introspection/#introspection-overview as well)
Developers can use this to ask questions like:
What features are currently enabled?
What origins will automatically inherit access to these features?
If I create an iframe, what features will it have enabled?
Link to “Intent to Implement” blink-dev discussion
Um… it looks like that wasn't sent out :(
Goals for experimentation
Is the .policy API the right shape, or is it awkward to use?
Are the arrays of strings which it returns useful for developers to understand the policies which their pages are operating under?
Is the iframe.policy interface intuitive enough, given its restrictions on cross-origin information leakage? Is it useful?
Does the API provide enough information for developers, or are there additional things we could surface to make this more useful?
Since most of these goals cannot be measured directly, we're going to be relying heavily on feedback from developers, through very specific questions on the feedback form, as well as reaching out directly to developers who will agree to be contacted.
Experimental timeline
M69 - M71 (Expected end: Late November 2018)
Contact emails
icle...@chromium.org, lun...@chromium.org
Spec
Feature policy spec is at https://wicg.github.io/feature-policy; Pull request for this API is at https://github.com/WICG/feature-policy/pull/184; Proposed spec (with this update merged) is at https://drafts.featurepolicy.rocks/add-introspection/.
Summary
This change adds an interface to inspect the current feature policy in a document, as well as to see what policy would be applied to an iframe in that document. (See overview at https://drafts.featurepolicy.rocks/add-introspection/#introspection-overview as well)
Developers can use this to ask questions like:
What features are currently enabled?
What origins will automatically inherit access to these features?
If I create an iframe, what features will it have enabled?
Link to “Intent to Implement” blink-dev discussion
Um… it looks like that wasn't sent out :(
Goals for experimentation
Is the .policy API the right shape, or is it awkward to use?
Are the arrays of strings which it returns useful for developers to understand the policies which their pages are operating under?
-Boris
--
You received this message because you are subscribed to a topic in the Google Groups "blink-dev" group.
To unsubscribe from this topic, visit https://groups.google.com/a/chromium.org/d/topic/blink-dev/pQZopKWaQIk/unsubscribe.
To unsubscribe from this group and all its topics, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/eee7a9db-d7ee-3a23-31b6-7595bb078b67%40mit.edu.
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAPYVjqoXLXjqkZjO%2BjHnoJxgERYdnnmAq7baooSg5ZDKGJYSiA%40mail.gmail.com.
On 7/27/18 11:43 AM, Ian Clelland wrote:
> The only thing that should be observable to any subframe is whether the
> embedder granted or denied it access to particular features
Just to make sure we're on the same page, we're talking about the
Policy.getAllowlistForFeature API right?
> It can't see what other hosts might
> have access to the features in other frames, or whether a feature would
> be available at another origin if it were to navigate to it.
In that case, what exactly is the list of origins that
getAllowlistForFeature() returns? Is that just looking at the origins
in the feature policy the site is applying to itself, not the ones from
the parent?
The term "declared policy" it's using in
https://drafts.featurepolicy.rocks/add-introspection/#ref-for-dom-policy-getallowlistforfeature
step 5 isn't linked to a definition, so I'm not sure what it really
means there.