A web platform API which gives a website the ability to allow and deny the use of browser features in its own frame, and in iframes that it embeds. Examples of features that could be controlled by permissions policy include:
- getUserMedia (Camera and Microphone)
- Fullscreen
- Geolocation
- MIDI
- Payments
- Synchronous XHR
- ...
See also: how to integrate a web platform feature with permissions policy.
The Permissions Policy spec is hosted on this repo, at https://w3c.github.io/webappsec-feature-policy/ (the URL reflects the previous name of this API, "Feature Policy".)
For more explanation, use cases, examples, etc., please refer to the explainer document.
Another web platform API which gives a website the ability to allow and deny the use of browser features in its own frame, and in iframes that it embeds!
The spec is hosted on this repo, at https://w3c.github.io/webappsec-feature-policy/document-policy.html
For more explanation, use cases, examples, etc., please refer to the document policy explainer document.
Questions, suggestions? Please open an issue or send a pull request!