> > For FP, what would be the plan? Would the API be denied by default or allowed? > This PR proposes that the default allowlist for the Battery Status API is `["self"]` and that the battery promise will be rejected with a `SecurityError` if not allowed to use the policy-controlled feature. That matches my understanding -- so all usage would be allowed on the top-level document, and that document could allow access in cross-origin frames by embedding them with `<iframe allow="battery"></iframe>`, or with an HTTP header that allows it in that origin. Other usage would be denied. -- GitHub Notification of comment by clelland Please view or discuss this issue at https://github.com/w3c/battery/pull/13#issuecomment-356669180 using your GitHub accountReceived on Wednesday, 10 January 2018 17:08:59 UTC
This archive was generated by hypermail 2.4.0 : Monday, 4 July 2022 12:47:55 UTC