You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
This feature will add support for wildcard in permissions policy structured like SCHEME://*.HOST:PORT (e.g., https://*.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://*.bar.foo.com/ works but https://*.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to *). Wildcards in the scheme and port section will be unsupported and https://*.foo.com/ does not delegate to https://foo.com/.
Did your comment lose the "*" character in a few places?
Looking at the proposal, I think that you need to sort out whether matching follows CSP (where "*" matches any number of labels) or certificates (where "*" matches a single label). In general, it is better to have these fundamental details sorted out before asking our opinion. However, once that is worked out, I don't see any problem with this.
Request for Mozilla Position on an Emerging Web Specification
Other information
Design Doc
This feature will add support for wildcard in permissions policy structured like SCHEME://*.HOST:PORT (e.g., https://*.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://*.bar.foo.com/ works but https://*.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to *). Wildcards in the scheme and port section will be unsupported and https://*.foo.com/ does not delegate to https://foo.com/.
Before, a permissions policy might need to look like:
permissions-policy: ch-ua-platform-version=(self "https://foo.com/" "https://cdn1.foo.com/" "https://cdn2.foo.com/" "https://foo.cdn2.foo.com/")
With this feature, it could look like:
permissions-policy: ch-ua-platform-version=(self "https://foo.com/" "https://*.foo.com")
The text was updated successfully, but these errors were encountered: