/webappsec-feature-policy

A mechanism to selectively enable and disable browser features and APIs


Feature Policy and Document Policy

Feature Policy

A web platform API which gives a website the ability to allow and deny the use of browser features in its own frame, and in iframes that it embeds. Examples of features that could be controlled by feature policy include:

  • getUserMedia (Camera and Microphone)
  • Fullscreen
  • Geolocation
  • MIDI
  • Payments
  • Synchronous XHR
  • Synchronous scripts
  • Lazyload
  • ...

The spec is hosted on this repo, at https://w3c.github.io/webappsec-feature-policy/

For more explanation, use cases, examples, etc., please refer to the feature policy explainer document.
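As an added illustration (not code from this repository or the spec), the sketch below parses a `Feature-Policy` response header value and reports which sensitive features a site has left to browser defaults or opened to every origin. The header syntax (semicolon-separated directives, each a feature name followed by `*`, `'self'`, `'none'` or origins), the function names and the sample header are assumptions of this example; this page does not show the syntax itself.

```javascript
// Added example (not from the repository this page describes).
// Assumes the header form `feature entry entry; feature entry`, where an
// entry is *, 'self', 'none' or an origin. Sample values are constructed.

function parseFeaturePolicy(headerValue) {
  const policy = new Map();
  for (const directive of headerValue.split(";")) {
    const [feature, ...entries] = directive.trim().split(/\s+/).filter(Boolean);
    // Assumption of this example: the first declaration of a feature is kept.
    if (feature && !policy.has(feature)) policy.set(feature, entries);
  }
  return policy;
}

function toOrigin(entry, selfOrigin) {
  if (entry === "'self'") return selfOrigin;
  try {
    return new URL(entry).origin;
  } catch {
    return null; // 'none' and malformed entries match no origin
  }
}

// true / false when the header decides; undefined when the feature is not
// declared (or has no entries) and the browser's default applies instead.
function allowsOrigin(policy, feature, origin, selfOrigin) {
  const entries = policy.get(feature);
  if (!entries || entries.length === 0) return undefined;
  if (entries.includes("*")) return true;
  return entries.some((e) => toOrigin(e, selfOrigin) === origin);
}

// Defensive review: report features that are left to defaults or wide open.
function auditPolicy(headerValue, sensitiveFeatures) {
  const policy = parseFeaturePolicy(headerValue);
  const findings = [];
  for (const feature of sensitiveFeatures) {
    const entries = policy.get(feature);
    if (!entries || entries.length === 0) {
      findings.push(`${feature}: not declared, browser default applies`);
    } else if (entries.includes("*")) {
      findings.push(`${feature}: allowed for every origin`);
    }
  }
  return findings;
}

const SAMPLE = "geolocation 'self' https://maps.example; camera 'none'; fullscreen *";
```

Running `auditPolicy(SAMPLE, ["camera", "microphone", "fullscreen"])` flags `microphone` as undeclared and `fullscreen` as open to every origin, while `camera 'none'` passes.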

Document Policy

Another web platform API which gives a website the ability to allow and deny the use of browser features in its own frame, and in iframes that it embeds!

The spec is hosted on this repo, at https://w3c.github.io/webappsec-feature-policy/document-policy.html

For more explanation, use cases, examples, etc., please refer to the document policy explainer document.

Questions, suggestions? Please open an issue or send a pull request!