- From: Ian Clelland <notifications@github.com>
- Date: Tue, 19 Dec 2017 16:52:00 +0000 (UTC)
- To: whatwg/xhr <xhr@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Tuesday, 19 December 2017 16:52:23 UTC
clelland commented on this pull request.
> @@ -2031,6 +2039,19 @@ attributes initialized to false, so it is suggested that for consistency all
{{ProgressEvent}} interface do the same.
+<h3 id=feature-policy>Feature Policy Integration</h3>
+
+<p>This specification defines a policy-controlled feature named <dfn>Synchronous
+XMLHttpRequest</dfn>.
+
+<p>The feature name for <a>Synchronous XMLHttpRequest</a> is "sync-xhr".
+
+<p>The default allowlist for Synchronous XMLHttpRequest is <code>*</code>.
I hadn't noticed 'safelist' being used in this context, and I'm not sure if 'safety' is the concept we're trying to convey in any case.
Originally the feature policy spec used 'whitelist', and early reviews suggested we switch to 'allowlist' to match some other specs (I don't recall which; perhaps Web Authentication?)
I'm sure this is open to change, but that should probably happen on the FP issues list :)
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/xhr/pull/177#discussion_r157812067
Received on Tuesday, 19 December 2017 16:52:23 UTC