Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Update header and allow attribute syntax #83

Merged
merged 2 commits into from
Oct 3, 2017

Conversation

clelland
Copy link
Collaborator

This introduces a new, heavily CSP-inspired syntax for the HTTP header
and the <iframe allow> attribute. It allows more complex container
policies to be specified in frames, without all of the verbosity and
escaping that JSON would require. The header format is changed to match
this, for consistency.

Examples are also updated; the parser section still needs to be
rewritten to take this into account; two issues are marked for that.

Fixes #78

This introduces a new, heavily CSP-inspired syntax for the HTTP header
and the <iframe allow> attribute. It allows more complex container
policies to be specified in frames, without all of the verbosity and
escaping that JSON would require. The header format is changed to match
this, for consistency.

Examples are also updated; the parser section still needs to be
rewritten to take this into account; two issues are marked for that.

Fixes w3c#78
This makes the BNF refer sepcifically to the definition in RFC 6454,
with a caveat that three delimiters should be percent-encoded if
necessary.
@clelland clelland merged commit 740c1f4 into w3c:gh-pages Oct 3, 2017
clelland added a commit to clelland/feature-policy that referenced this pull request Oct 4, 2017
There were a few places in the spec and feature list where an allowlist
was specified as ["self"], ["*"] or []. While not technically incorrect,
as they were not referring to the serialization of policies, they were
misleading. This replaces those with the hopefully less-misleading terms
from the new serialization: 'self', '*', and 'none'.

Fixes: w3c#83
@clelland clelland deleted the new-syntax branch October 12, 2017 15:17
rakuco added a commit to rakuco/wake-lock that referenced this pull request Nov 23, 2022
* w3c/webappsec-permissions-policy#123 clarified the notation and types used
  by allowlists and default allowlists. Default allowlists are not
  allowlists themselves, so we need to use `"self"` rather than `["self"]`.

While here, land a few minor adjustments:
* Fix references to Permissions Policy tests in WPT that were renamed in
  web-platform-tests/wpt#36159.
* Use the right notation in the Permissions-Policy HTTP header example. The
  syntax we were using had not been valid since 2017's
  w3c/webappsec-permissions-policy#83.
rakuco added a commit to w3c/screen-wake-lock that referenced this pull request Nov 23, 2022
…356)

* w3c/webappsec-permissions-policy#123 clarified the notation and types used
  by allowlists and default allowlists. Default allowlists are not
  allowlists themselves, so we need to use `"self"` rather than `["self"]`.

While here, land a few minor adjustments:
* Fix references to Permissions Policy tests in WPT that were renamed in
  web-platform-tests/wpt#36159.
* Use the right notation in the Permissions-Policy HTTP header example. The
  syntax we were using had not been valid since 2017's
  w3c/webappsec-permissions-policy#83.
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

None yet

1 participant