- From: Eric Portis <notifications@github.com>
- Date: Wed, 28 Oct 2020 11:27:01 -0700
- To: whatwg/dom <dom@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 28 October 2020 18:27:12 UTC
On the HTTP header front... `Feature-Policy` has been split into [Document Policy](https://w3c.github.io/webappsec-permissions-policy/document-policy.html) and [Permissions Policy](https://w3c.github.io/webappsec-permissions-policy/); `Document-Policy` is probably the better fit, for this use case. After struggling with similar adoption-friction problems re: 3rd party Client-Hint delegation, a solution I have high hopes (and low expectations) for is [Origin-Policy](https://wicg.github.io/origin-policy/#origin-policy-well-known) (currently stagnant). Doing out-of-band opt-ins via a config file at a well-known URL seems possibly easier for folks than configuring HTTP headers. -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/whatwg/dom/issues/831#issuecomment-718124957
Received on Wednesday, 28 October 2020 18:27:12 UTC