[wp-trac] [WordPress Trac] #45966: Function to set Feature Policy
WordPress Trac
noreply at wordpress.org
Mon Jan 14 01:01:54 UTC 2019
#45966: Function to set Feature Policy
-------------------------+-------------------------
Reporter: bhubbard | Owner: (none)
Type: enhancement | Status: closed
Priority: normal | Milestone:
Component: Security | Version:
Severity: normal | Resolution: maybelater
Keywords: | Focuses:
-------------------------+-------------------------
Changes (by pento):
* status: new => closed
* resolution: => maybelater
* milestone: Awaiting Review =>
Comment:
Feature Policy is useful for setting on iframes, but I don't think it's
appropriate for WordPress core to be setting a default policy in the
headers.
Even providing the API is problematic: we'd have to assume that a plugin
which doesn't set a feature policy may need access to a feature that the
policy would otherwise restrict. So, if Plugin A sets the `vibrate 'self'`
policy, but Plugin B doesn't set a policy, we have to assume that `vibrate
*` is the only safe policy that core could send.
I think we can revisit this once the spec is actually locked down and
browsers are providing practical uses for it.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45966#comment:1>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list