https://github.com/WICG/capability-delegation
https://wicg.github.io/capability-delegation/spec.html
Capability delegation means allowing a frame to relinquish its ability to call a restricted API and transfer the ability to another (sub)frame trusts.
If an app wants to delegate its ability to call a restricted JS capability (e.g. popups, fullscreen, etc) to a known+trusted third-party frame, the app would utilize a Capability Delegation API to "transfer" the ability to the target frame in a time-constrained manner (unlike static mechanisms like <iframe allow> attributes).
https://github.com/w3ctag/design-reviews/issues/655
Pending
Interop risk here like any new API: new use-cases relying on delegation will fail in a browser that hasn't implemented this feature. In such a browser, the new API (postMessage() call with an additional option) will silently get ignored while preserving the legacy behavior. More precisely, the postMessage() call will be treated as if it was meant to send the message object only, and the delegated capability will behave in the target Window as if no delegation has taken place.
There is no compat risk because this is a new feature.
Gecko: No signal
WebKit: No signal
Web developers: Positive (https://discourse.wicg.io/t/capability-delegation/4821/3)
This trial includes Capability Delegation and one “user API”, the PaymentRequest API, to seek feedback from developers who rely on payment processing in a cross-origin subframe. We want to find out if any fine tuning is needed in Capability Delegation interface and/or in delegated payment request behavior in order to support such payment processing in a spec compliant way.
Not applicable.
None.
Developers can test the delegated API by calling it from the appropriate console (i.e. from the console of postMessage-target Window).
Yes
No
--enable-blink-features=CapabilityDelegationPaymentRequest
False
We expect to ship this one milestone after the end of OT or the end of TAG review (whichever takes longer).
https://www.chromestatus.com/feature/5708770829139968
Intent to prototype: https://groups.google.com/a/chromium.org/g/blink-dev/c/9CeLYndESPE/m/AhEttheMBQAJ
This intent message was generated by Chrome Platform Status.
Contact emails
Explainer
https://github.com/WICG/capability-delegation
Specification
https://wicg.github.io/capability-delegation/spec.html
Summary
Capability delegation means allowing a frame to relinquish its ability to call a restricted API and transfer the ability to another (sub)frame trusts.
If an app wants to delegate its ability to call a restricted JS capability (e.g. popups, fullscreen, etc) to a known+trusted third-party frame, the app would utilize a Capability Delegation API to "transfer" the ability to the target frame in a time-constrained manner (unlike static mechanisms like <iframe allow> attributes).
Blink component
TAG review
https://github.com/w3ctag/design-reviews/issues/655
TAG review status
Pending
Risks
Interoperability and Compatibility
Interop risk here like any new API: new use-cases relying on delegation will fail in a browser that hasn't implemented this feature. In such a browser, the new API (postMessage() call with an additional option) will silently get ignored while preserving the legacy behavior. More precisely, the postMessage() call will be treated as if it was meant to send the message object only, and the delegated capability will behave in the target Window as if no delegation has taken place.
There is no compat risk because this is a new feature.
Gecko: No signal
WebKit: No signal
--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAB0cuO7rdz71M6Cr1wULotqfSS9BRokG8Ov8%2B2doH_asW1DUow%40mail.gmail.com.
> What's the requested timeline for experimentation?We are planning to run the trial from M95 through M96.> Might be worthwhile to ask for signals: https://bit.ly/blink-signals
We asked for Mozilla's signal here: https://github.com/mozilla/standards-positions/issues/565