Re: [csswg-drafts] [css-nav-1] hostile iframes (#3390)

---

Migrated from https://github.com/WICG/spatial-navigation/issues/58#issuecomment-395594854
Originally created by @Malvoz on *Thu, 07 Jun 2018 23:14:35 GMT*

---
This could be a [feature policy](https://wicg.github.io/feature-policy/), e.g.:

`allow` attribute:
`<iframe src="https://example.com" allow="spatnav">`

or in a header field:
`Feature-Policy: spatnav 'self' https://example.com;`

Alternatively, spatnav could be enabled by default for all sources in CSP's [`frame-src`](https://www.w3.org/TR/CSP/#directive-frame-src) (and [`object-src`](https://www.w3.org/TR/CSP/#directive-object-src)) _fetch_ directives? But that would limit control of trusted sources to only `iframe` and `object` respectively. There is the drafted [`navigate-to`](https://w3c.github.io/webappsec-csp/#directive-navigate-to) _navigation_ directive, but I'm not totally sure how that works.

And although CSP is good practice, it would force developers to enable CSP to provide spatial navigation for iframed content, which probably isn't ideal?

-- 
GitHub Notification of comment by frivoal
Please view or discuss this issue at https://github.com/w3c/csswg-drafts/issues/3390#issuecomment-443620288 using your GitHub account

Received on Monday, 3 December 2018 07:58:01 UTC
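The comment above proposes gating spatial navigation per frame origin with a `Feature-Policy` header allowlist. The following is an added example, not code from the comment author, the spec editors or any browser: a small evaluator that parses a header of the shape `spatnav 'self' https://example.com;` and decides whether a given child frame origin would be granted the feature. The feature name `spatnav` is the comment's hypothetical one, the header value and origins are constructed sample data, and the allowlist grammar is the general Feature Policy form simplified to `*`, `'self'`, `'none'` and literal origins (no `'src'` keyword, no origin wildcards); an unlisted feature is treated as denied, which is an assumption made here rather than a spec default.

```python
"""Toy Feature-Policy allowlist evaluator (added example, not spec or project code).

Shows what a header like the one proposed in the thread would decide for a
given <iframe src=...> origin. Simplified grammar: each directive is
"<feature> <allowlist-token>*", directives separated by ';', tokens being
'*', 'self', 'none' (the latter two quoted) or a literal origin.
"""
from urllib.parse import urlsplit

# Constructed sample header, mirroring the shape suggested in the comment.
SAMPLE_HEADER = "spatnav 'self' https://example.com; geolocation 'none'"


def parse_feature_policy(header: str) -> dict[str, list[str]]:
    """Parse "feature tokens; feature tokens" into {feature: [tokens]}."""
    policy: dict[str, list[str]] = {}
    for directive in header.split(";"):
        tokens = directive.split()
        if not tokens:
            continue  # trailing ';' or empty directive
        feature, allowlist = tokens[0].lower(), tokens[1:]
        policy[feature] = allowlist
    return policy


def origin_of(url: str) -> str:
    """Reduce a URL (or bare origin) to scheme://host[:port], lowercased."""
    parts = urlsplit(url)
    return f"{parts.scheme}://{parts.netloc}".lower()


def feature_allowed(header: str, feature: str,
                    document_url: str, frame_src: str) -> bool:
    """Would `feature` be enabled for a frame at frame_src under this header?

    document_url is the top-level document that sent the header; its origin
    is what 'self' refers to. Unlisted features are denied here (assumption).
    """
    policy = parse_feature_policy(header)
    allowlist = policy.get(feature.lower())
    if allowlist is None:
        return False
    target = origin_of(frame_src)
    self_origin = origin_of(document_url)
    for token in allowlist:
        if token == "'none'":
            return False  # explicit deny wins regardless of other tokens
        if token == "*":
            return True
        if token == "'self'" and target == self_origin:
            return True
        if token.lower() == target:
            return True
    return False


if __name__ == "__main__":
    for src in ("https://example.com/widget", "https://app.test/frame",
                "https://other.test/"):
        print(src, "->", feature_allowed(SAMPLE_HEADER, "spatnav",
                                         "https://app.test", src))
```

Note that the comparison is on full origin (scheme, host, port), so an `http://example.com` frame would not match the `https://example.com` token; that strictness is the point of an origin allowlist, and it is the same property that a CSP `frame-src` based default would have to preserve.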