Question about the difference between featurePolicy.allowedFeatures() and featurePolicy.features()

83 views
Skip to first unread message

Maojie Wei

unread,
Jun 4, 2021, 5:21:13 PM6/4/21
to Attribution Reporting API Dev
Hi,

My teammate just found that there are featurePolicy.features() and featurePolicy.allowedFeatures(). Is there a difference between the two now and possibly in future? Does the first one just mean the current version of browser supports some given features and the second one mean that this feature is actually enabled? Under what circumstances will conversion-measurement api be disabled if it's supported in a given browser? 

Thanks
Maojie

John Delaney

unread,
Jun 4, 2021, 7:11:38 PM6/4/21
to Attribution Reporting API Dev, mw...@pinterest.com

Thanks for reaching out!

Here is a link with some examples of what the different featurePolicy APIs mean: https://developers.google.com/web/updates/2018/06/feature-policy#jsexample

Paraphrasing:

featurePolicy.features() is the list of feature policies allowed by the browser regardless of whether they are in force.

featurePolicy.allowedFeatures() are the features that are allows in a given document. The conversion-measurement feature policy (which has been renamed to attribution-reporting in Chrome 92+) is allowed by default in the top-level document, and all same-origin iframes. But disallowed in cross-origin iframes.

So as an example:

If I am on page 'news.example', and I have two iframes, iframe A whose src is 'news.example/embed' and iframe B whose src is 'thirdparty.example':

 'conversion-measurement' will be allowed in the top page and in iframe A. But will be disabled in iframe B. In order to enable in iframe B, you will need to set an 'allow="conversion-measurement"' attribute on the iframe.

It's also possible for a page to disable a feature policy via an HTTP header, in which case it will be present in features() but not present in allowedFeatures().

I will add a caveat that this behavior is more complicated when combined with origin trials. While the API is in Origin Trial, you will need to embed an Origin Trial token in order for the "conversion-measurement" feature to appear in featurePolicy.features() to begin with. There is more info on running an Origin Trial here: https://web.dev/using-conversion-measurement/

Similarly, Origin Trials need to be enabled in every iframe that use the feature as well as the top-level page. 

I realize that's a lot of info, so feel free to let me know if anything was confusing or if I missed anything.

Thanks again!
Reply all
Reply to author
Forward
0 new messages