Update: default Permissions-Policy to remain *

[Maud Nalpas]

Hi API testers,

In order to easen API usage even after the testing phase, the default allowlist for the Attribution Reporting API Permissions-Policy will remain *. This means that no explicit Permissions-Policy will be needed on cross-origin iframes. By default, the Attribution Reporting API will be enabled in these frames.
We're continuing to investigate permissions policy changes that would support the ecosystem while retaining some level of opt-in. Your input on this is welcome.

Note: this essentially means that the change announced for Chrome 106 on Permissions-Policy—that is, the current behavior in Chrome—will remain.

Documentation
Review the updated Handbook > Permissions section for details.

What should you do?

• No code changes are needed.
• If you had plans to work with publishers and DSPs to add the policy as initially recommended, you don't need to anymore.
• You should still feature-detect the API, in case the embedding site explicitly disallows the API.
• You can safely ignore DevTools hints to add the Permissions-Policy for the future; we're currently removing these.