- From: Michael[tm] Smith <notifications@github.com>
- Date: Thu, 25 Mar 2021 08:13:20 -0700
- To: whatwg/xhr <xhr@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Thursday, 25 March 2021 15:13:32 UTC
> Thanks, you'll also need to remove the instance of sync-xhr elsewhere.
That’s in https://github.com/w3c/webappsec-permissions-policy/blob/ab4fa82727f370307117e61d170ca9a2f21dc29b/index.bs#L1126-L1128
So, I’ll raise a PR against the Permissions Policy spec to drop or change that.
But note also, the Permissions Policy has an example with this:
```
const new_frame = document.createElement('iframe');
new_frame.allow = 'sync-xhr';
// This will be true, as the iframe is allowed to use sync-xhr at whatever URL is
// mentioned in its src attribute, even though that attribute is not yet set.
const is_sync_xhr_allowed = new_frame.featurePolicy.allowsFeature('sync-xhr');
```
https://w3c.github.io/webappsec-permissions-policy/#example-92e8a40f
So, I guess I’ll need replace that example with something else. Suggestion welcome.
--
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/whatwg/xhr/pull/322#issuecomment-806925632
Received on Thursday, 25 March 2021 15:13:32 UTC