Wildcards in Permissions Policy Origins #679

Closed
arichiv opened this issue Aug 26, 2022 · 3 comments
@arichiv

arichiv commented Aug 26, 2022

Request for Mozilla Position on an Emerging Web Specification

Other information

Design Doc

This feature will add support for wildcards in permissions policy structured like SCHEME://*.HOST:PORT (e.g., https://*.foo.com/) where a valid Origin could be constructed from SCHEME://HOST:PORT (e.g., https://foo.com/). This requires that HOST is at least eTLD+1 (a registrable domain). This means that https://*.bar.foo.com/ works but https://*.com/ won’t (if you want to allow all domains to use the feature, you should just delegate to *). Wildcards in the scheme and port section will be unsupported and https://*.foo.com/ does not delegate to https://foo.com/.

Before, a permissions policy might need to look like:
permissions-policy: ch-ua-platform-version=(self "https://foo.com/" "https://cdn1.foo.com/" "https://cdn2.foo.com/" "https://foo.cdn2.foo.com/")

With this feature, it could look like:
permissions-policy: ch-ua-platform-version=(self "https://foo.com/" "https://*.foo.com")

@martinthomson
Member

Did your comment lose the "*" character in a few places?

Looking at the proposal, I think that you need to sort out whether matching follows CSP (where "*" matches any number of labels) or certificates (where "*" matches a single label). In general, it is better to have these fundamental details sorted out before asking our opinion. However, once that is worked out, I don't see any problem with this.

cc @dveditz

@arichiv
Author

arichiv commented Aug 29, 2022

Thanks for the catch re *, I forgot it meant italics in markdown.

As for your question, I added an example to clarify that "https://foo.cdn2.foo.com/" would match "https://*.foo.com/"

@bgrins
Member

bgrins commented Sep 20, 2022

Confirmed with @dveditz this is fine, thanks for the clarification and update
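
The matching rules discussed in this thread, sketched as an added example that is not part of the issue, the specification text, or any browser's implementation: the wildcard is accepted only as the leftmost host label, HOST must be at least eTLD+1, `*` covers one or more labels, and the bare HOST is not matched. The function names, the three-entry `PUBLIC_SUFFIXES` set (a constructed stand-in for the real Public Suffix List) and the fallback to the scheme's default port when PORT is omitted are assumptions.

```javascript
// Constructed stand-in for the Public Suffix List; a real check needs the full list.
const PUBLIC_SUFFIXES = new Set(["com", "org", "co.uk"]);
const DEFAULT_PORTS = { https: "443", http: "80" };

// True when host is a registrable domain (eTLD+1) or a subdomain of one.
function isAtLeastRegistrable(host) {
  const labels = host.split(".");
  for (let i = 0; i < labels.length; i++) {
    // The first hit is the longest public suffix; the host needs a label in front of it.
    if (PUBLIC_SUFFIXES.has(labels.slice(i).join("."))) return i >= 1;
  }
  return false; // suffix not in the list: reject rather than guess
}

// Parse SCHEME://*.HOST[:PORT][/]; returns null for anything the proposal disallows.
function parseWildcardOrigin(pattern) {
  // "*" is accepted only as the leftmost host label, never in scheme or port.
  const m = /^([a-z][a-z0-9+.-]*):\/\/\*\.([^*\/:]+)(?::(\d+))?\/?$/i.exec(pattern);
  if (!m) return null;
  const scheme = m[1].toLowerCase();
  const host = m[2].toLowerCase();
  if (!isAtLeastRegistrable(host)) return null; // e.g. https://*.com/
  return { scheme, host, port: m[3] || DEFAULT_PORTS[scheme] || "" };
}

// Decide whether an origin is covered by a wildcard allowlist entry.
function wildcardMatches(pattern, origin) {
  const p = parseWildcardOrigin(pattern);
  if (!p) return false;
  let u;
  try { u = new URL(origin); } catch { return false; }
  const scheme = u.protocol.slice(0, -1);
  const port = u.port || DEFAULT_PORTS[scheme] || "";
  // Requiring the dot before HOST excludes HOST itself and look-alikes such as
  // evilfoo.com, while allowing any number of labels in front.
  return scheme === p.scheme && port === p.port && u.hostname.endsWith("." + p.host);
}
```

The suffix comparison on `"." + host` is the detail worth checking in any allowlist matcher of this kind, since a plain `endsWith(host)` would also accept unrelated registrable domains that merely end in the same characters.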
