惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

K
Kaspersky official blog
小众软件
小众软件
Engineering at Meta
Engineering at Meta
博客园 - 三生石上(FineUI控件)
WordPress大学
WordPress大学
G
Google Developers Blog
Cyber Security Advisories - MS-ISAC
Cyber Security Advisories - MS-ISAC
V
V2EX
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
Google DeepMind News
Google DeepMind News
Security Archives - TechRepublic
Security Archives - TechRepublic
CTFtime.org: upcoming CTF events
CTFtime.org: upcoming CTF events
C
Check Point Blog
aimingoo的专栏
aimingoo的专栏
罗磊的独立博客
钛媒体:引领未来商业与生活新知
钛媒体:引领未来商业与生活新知
MongoDB | Blog
MongoDB | Blog
L
LINUX DO - 热门话题
酷 壳 – CoolShell
酷 壳 – CoolShell
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
H
Help Net Security
Martin Fowler
Martin Fowler
G
GRAHAM CLULEY
Simon Willison's Weblog
Simon Willison's Weblog
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Vulnerabilities – Threatpost
云风的 BLOG
云风的 BLOG
博客园_首页
C
Cybersecurity and Infrastructure Security Agency CISA
量子位
Stack Overflow Blog
Stack Overflow Blog
Recent Announcements
Recent Announcements
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
I
Intezer
Scott Helme
Scott Helme
A
About on SuperTechFans
博客园 - 司徒正美
Hacker News: Ask HN
Hacker News: Ask HN
The GitHub Blog
The GitHub Blog
Forbes - Security
Forbes - Security
Threat Intelligence Blog | Flashpoint
Threat Intelligence Blog | Flashpoint
博客园 - 聂微东
人人都是产品经理
人人都是产品经理
The Cloudflare Blog
cs.CV updates on arXiv.org
cs.CV updates on arXiv.org
Spread Privacy
Spread Privacy
T
Tailwind CSS Blog
S
Security Affairs
宝玉的分享
宝玉的分享

Recent Commits to webappsec-permissions-policy:main

Add WebMCP link to features.md · w3c/webappsec-permissions-policy@c10c76d Add WebMCP link to features.md · w3c/webappsec-permissions-policy@10d8736 Add `monetization` feature (#571) · w3c/webappsec-permissions-policy@876a190 Add Permissions Policy for Digital Credentials Issuance (#573) · w3c/webappsec-permissions-policy@29efab0 [focus-without-user-activation] Add alternative solutions (#563) · w3c/webappsec-permissions-policy@298d386 Add proposed features from Chrome's Built-In AI APIs (#570) · w3c/webappsec-permissions-policy@4de8724 Replace `shared-autofill` with `autofill` and `manual-text` (#560) · w3c/webappsec-permissions-policy@6f3b837 focus-without-user-activation: Add missing HTML closing quote in exam… · w3c/webappsec-permissions-policy@b5dde2c Merge pull request #559 from shhnjk/main · w3c/webappsec-permissions-policy@e9edeb5 Put PermissionsPolicyViolationReportBody/allowAttribute back · w3c/webappsec-permissions-policy@1c37e68 Update index.bs · w3c/webappsec-permissions-policy@7c8ed48 Nit · w3c/webappsec-permissions-policy@173adc5 add allow and src attribute to potential permissions policy violation · w3c/webappsec-permissions-policy@bb175d2 Add `ch-ua-high-entropy-values` feature (#558) · w3c/webappsec-permissions-policy@8430c86 Send reports for Permissions Policy violations in iframe to parent fr… · w3c/webappsec-permissions-policy@314ffc9 Add `storage-access` feature · w3c/webappsec-permissions-policy@c73ef39 Add 'deferred-fetch' as proposed feature · w3c/webappsec-permissions-policy@dedd81f Add mediasession feature · w3c/webappsec-permissions-policy@8ef8664 Clarify picture-in-picture shipping status · w3c/webappsec-permissions-policy@1d05f5e
Do not use request's window concept (#565) · w3c/webappsec-permissions-policy@20ab675
domenic · 2025-07-19 · via Recent Commits to webappsec-permissions-policy:main
Original file line numberDiff line numberDiff line change

@@ -1313,16 +1313,19 @@ partial interface HTMLIFrameElement {

13131313

Given a [=policy-controlled feature|feature=] (|feature|) and a <a for="/">request</a> (|request|),

13141314

this algorithm returns <code>true</code> if the request should be allowed to

13151315

use |feature|, and <code>false</code> otherwise.

1316-

1. Set |window| to |request|’s <a for="request">window</a>.

1317-

1. If |window| is not a {{Window}}, return <code>false</code>.

1316+

1. Let |client| be |request|’s [=request/client=].

1317+

1. If |client| is null, return <code>false</code>.

1318+

1. If |client|'s [=environment settings object/global object=] is not a {{Window}}, return

1319+

<code>false</code>.

13181320

<div class="issue">Permissions Policy within non-Window contexts

13191321

({{WorkerGlobalScope}} or {{WorkletGlobalScope}}) is being figured out in

13201322

<a href="https://github.com/w3c/webappsec-permissions-policy/issues/207">issue

13211323

#207</a>. After that’s resolved, update this algorithm to allow fetches

13221324

initiated within these contexts to use policy-controlled features.

13231325

*Until* that’s resolved, disallow all policy-controlled features (e.g.,

13241326

sending Client Hints to third parties) in these contexts.</div>

1325-

1. Set |document| to |window|’s <a>associated `Document`</a>.

1327+

1. Set |document| to |client|’s [=environment settings object/global object=]’s

1328+

<a>associated `Document`</a>.

13261329

1. Let |origin| be |request|’s <a for="request">origin</a>.

13271330

1. Let |result| be the result of executing <a abstract-op>Is feature

13281331

enabled in document for origin?</a> on |feature|, |document|, and |origin|.