Re: [w3ctag/design-reviews] Wildcards in Permissions Policy Origins (Issue #765) from Yves Lafon on 2022-09-13 (public-webapps-github@w3.org from September 2022)

From: Yves Lafon <notifications@github.com>
Date: Tue, 13 Sep 2022 08:58:16 -0700
To: w3ctag/design-reviews <design-reviews@noreply.github.com>
Cc: Subscribed <subscribed@noreply.github.com>
Message-ID: <w3ctag/design-reviews/issues/765/1245616454@github.com>

I have a few questions about matching:
Does `https://www.example.com:443/` match `https://*.example.com/` ? (implicit port equivalence)
Is it possible to use the wildcard as part of a token or to replace more than one token, ie:
`https://*-assets.example.com/` matching `https://img-assets.example.com/`
or `https://*.example.org/` matching `https://two.levels.example.org/` or should it be `https://*.*.example.org/`

Also, to avoid only opening everything, would it be possible to have negative matches?
Thinking of something like `Permissions-Policy: geolocation=(self "https://*.example.com/" "!https://notallowed.example.com/")` this would be useful if there are a few subdomains to exclude, or combined with partial matches like the question above `!https://*-no.example.org'`


-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3ctag/design-reviews/issues/765#issuecomment-1245616454
You are receiving this because you are subscribed to this thread.

Message ID: <w3ctag/design-reviews/issues/765/1245616454@github.com>

Received on Tuesday, 13 September 2022 15:58:28 UTC