Re: [battery] Allow use in same-origin children, add Feature Policy integration from Ian Clelland via GitHub on 2018-01-10 (public-device-apis-log@w3.org from January 2018)

From: Ian Clelland via GitHub <sysbot+gh@w3.org>
Date: Wed, 10 Jan 2018 17:08:42 +0000
To: public-device-apis-log@w3.org
Message-ID: <issue_comment.created-356669180-1515604120-sysbot+gh@w3.org>

> > For FP, what would be the plan? Would the API be denied by default or allowed?

> This PR proposes that the default allowlist for the Battery Status API is `["self"]` and that the battery promise will be rejected with a `SecurityError` if not allowed to use the policy-controlled feature.

That matches my understanding -- so all usage would be allowed on the top-level document, and that document could allow access in cross-origin frames by embedding them with `<iframe allow="battery"></iframe>`, or with an HTTP header that allows it in that origin. Other usage would be denied.

-- 
GitHub Notification of comment by clelland
Please view or discuss this issue at https://github.com/w3c/battery/pull/13#issuecomment-356669180 using your GitHub account

Received on Wednesday, 10 January 2018 17:08:59 UTC