- From: Rossen Atanassov <notifications@github.com>
- Date: Wed, 27 Oct 2021 08:47:12 -0700
- To: w3ctag/design-reviews <design-reviews@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Wednesday, 27 October 2021 15:47:25 UTC
Under further review and reading through the [entire list of standardized features](https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md#standardized-features), we are concerned about making all features available for delegation. More specifically, if a top level document is granted `camera`, `usb`, `web-share` etc. permission, it shouldn't be able to delegate without additional user consent. Our recommendation is to specify an allow subset of features, namely `payments` and `fullscreen` (from what I can tell are current use cases) and be [explicit about it in your spec](https://wicg.github.io/capability-delegation/spec.html#initiating-delegation). -- You are receiving this because you are subscribed to this thread. Reply to this email directly or view it on GitHub: https://github.com/w3ctag/design-reviews/issues/655#issuecomment-953059898
Received on Wednesday, 27 October 2021 15:47:25 UTC