Re: [w3ctag/design-reviews] Wildcards in Permissions Policy Origins (Issue #765)

It's true that a developer might be encouraged by this new feature to allow `*.example.com` whereas they would previously have to manually add subdomains. That said, they could currently be being pushed to use just `*` due to their CDN needing 100+ subdomains whitelisted. This seems a safer corner to be backed into.

I was planning to depend on the PSL by referencing [this language](https://url.spec.whatwg.org/#host-registrable-domain). As the permissions policy directives aren't cached beyond the lifetime of the page load, if the list is out of date it could result in sites being delegated (or not being delegated) permissions. If an invalid target is detected in the list that target would be ignored without throwing away the rest of the targets (i.e., `https://*.example.com/ https://*.org` would parse the same as just `https://*.example.com/`).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/765#issuecomment-1222270805

Message ID: <w3ctag/design-reviews/issues/765/1222270805@github.com>

Received on Monday, 22 August 2022 12:13:16 UTC
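
The parsing behaviour described in the message above, sketched as an added example (not code from the proposal, the spec or any browser): a wildcard target whose host has no registrable domain is dropped while the other targets in the allowlist are kept. The function names, the three-entry stand-in for the Public Suffix List and the subdomain-only matching rule are assumptions made for illustration.

```javascript
// Constructed stand-in for the Public Suffix List (PSL); a real check uses the full, current list.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);

// True when at least one label sits in front of the longest matching public suffix,
// i.e. the host has a registrable domain. Hosts with an unknown suffix are rejected here.
function hasRegistrableDomain(host) {
  const labels = host.toLowerCase().split(".");
  if (labels.includes("")) return false;
  for (let i = 0; i < labels.length; i++) {
    // i grows from 0, so the longest candidate suffix is tested first.
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) return i > 0;
  }
  return false;
}

// Parse one allowlist token; return null for anything invalid.
function parseTarget(token) {
  const m = /^(https?):\/\/(\*\.)?([^/:*]+)(?::(\d+))?\/?$/.exec(token);
  if (!m) return null; // bare "*", wildcard outside the leftmost label, etc.
  const [, scheme, wildcard, host, port] = m;
  // A wildcard directly on a public suffix (https://*.org) is an invalid target.
  if (wildcard && !hasRegistrableDomain(host)) return null;
  return { scheme, host: host.toLowerCase(), port: port || null, wildcard: Boolean(wildcard) };
}

// Invalid targets are ignored one by one; the rest of the list survives.
function parseAllowlist(value) {
  return value.split(/\s+/).filter(Boolean).map(parseTarget).filter((t) => t !== null);
}

// Assumption: "*.example.com" covers subdomains only, not example.com itself.
function matches(target, origin) {
  const u = new URL(origin);
  if (u.protocol !== target.scheme + ":") return false;
  if ((u.port || null) !== target.port) return false;
  return target.wildcard
    ? u.hostname.endsWith("." + target.host) // the leading dot keeps evil-example.com out
    : u.hostname === target.host;
}

// Constructed sample input taken from the message: the second target is dropped.
const parsed = parseAllowlist("https://*.example.com/ https://*.org");
console.log(parsed.length, matches(parsed[0], "https://cdn1.example.com"));
```

Because the result depends on the suffix list in use, two clients with different list versions can disagree about whether a target such as `https://*.co.uk` is valid, which is the stale-list concern raised in the message.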