whatwg/xhr

Replace Feature Policy integration with Document Policy

clelland opened this issue · 0 comments

Following the discussion in w3c/webappsec-permissions-policy#410, it seems that there is interest in replacing the existing integration with Feature Policy with a similar Document Policy integration.

The largest difference between the two is that a document policy in one frame does not necessarily affect its embedded content; the parent can switch off synchronous XHR for itself, while allowing its children to make the same decision on their own. Document Policy does define a mode by which child frames can be required to disable sync-xhr, but this requires an explicit opt in by the embedded document, and is not simply imposed by the embedder, as it is with Feature Policy.