Hi API testers,
In order to easen API usage even after the testing phase, the default allowlist for the Attribution Reporting API Permissions-Policy will remain *. This means that no explicit Permissions-Policy will be needed on cross-origin iframes. By default, the Attribution Reporting API will be enabled in these frames.
We're continuing to investigate permissions policy changes that would support the ecosystem while retaining some level of opt-in. Your input on this is welcome.
Note: this essentially means that the change announced for Chrome 106 on Permissions-Policy—that is, the current behavior in Chrome—will remain.
Documentation
Review the updated Handbook > Permissions section for details.
What should you do?