You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
Early feedback on similar mechanisms (embedded CSP) is ~meh: reflecting the policy creates a lot of complications for the endpoints because they now need to "be smart" at the edge; endpoints are unlikely to reflect the policy.
"Enforcement" is independent of reflected policy anyway: if a feature is disabled it'll cause an error if used; there is no need to rely on reflected header.
It may still make sense to advertise the active policy in the feature, purely as an FYI, but I think this can be safely moved into the v-next bucket. Closing, we can revisit once and if we get more demand for this.
Beginnings of this logic in https://igrigorik.github.io/feature-policy/#set-request-policy
The text was updated successfully, but these errors were encountered: