Summary: | Investigate usage of XMLHttpRequest's Permissions Policy usage | ||
---|---|---|---|
Product: | WebKit | Reporter: | Ian Clelland <iclelland> |
Component: | DOM | Assignee: | Nobody <webkit-unassigned> |
Status: | RESOLVED DUPLICATE | ||
Severity: | Normal | CC: | achristensen, annevk, ap, beidson, cdumez, ggaren, youennf |
Priority: | P2 | ||
Version: | WebKit Nightly Build | ||
Hardware: | Unspecified | ||
OS: | All | ||
See Also: | https://bugs.webkit.org/show_bug.cgi?id=183300 | ||
Bug Depends on: | |||
Bug Blocks: | 183300 |
Description
Ian Clelland
2018-03-02 09:35:00 PST
Hi Ian, I guess that if there are other bugs related to feature policy that are filed, maybe having an umbrella bug might be useful. The current feature policy "implementation" is minimal in that it only checks for the iframe attribute, (no headers checking) and is specific to media capture. Thanks, Youenn --- I filed https://bugs.webkit.org/show_bug.cgi?id=183300; I'm not sure if bugzilla allows me to declare a dependency of this bug on that one. Letting a top-level site adjust the control flow of an embedded site is generally not a good idea. This has also been removed from XMLHttpRequest. Actually, there is something implemented. Maybe that needs to be removed. *** This bug has been marked as a duplicate of bug 202098 *** |