Make WordPress Core

#45966 closed enhancement (maybelater)

Function to set Feature Policy

Reported by: bhubbard
Owned by:
Milestone:
Priority: normal
Severity: normal
Version:
Component: Security
Keywords:
Focuses:
Cc:


It would be great to have functions to set the Feature Policy.



Change History (1)

#1 @pento
13 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to maybelater
  • Status changed from new to closed

Feature Policy is useful for setting on iframes, but I don't think it's appropriate for WordPress core to be setting a default policy in the headers.

Even providing the API is problematic: we'd have to assume that a plugin which doesn't set a feature policy may need access to a feature that the policy would otherwise restrict. So, if Plugin A sets the vibrate 'self' policy, but Plugin B doesn't set a policy, we have to assume that vibrate * is the only safe policy that core could send.

I think we can revisit this once the spec is actually locked down and browsers are providing practical uses for it.
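
The merge problem described in comment #1, as an added PHP example that is not WordPress core code or part of the ticket. `example_merge_feature_policy()` and the plugin slugs are hypothetical, and the rule that a plugin declaring nothing is treated as needing `*` is the assumption stated in the comment. With the constructed input, adding one silent plugin widens `vibrate 'self'` to `vibrate *`.

```php
<?php
// Added illustration. example_merge_feature_policy() and the plugin slugs
// are hypothetical names, not WordPress core APIs.

/**
 * Merge per-plugin Feature Policy declarations into one header value.
 *
 * $declared maps plugin slug => array( feature => allowlist ). Assumption:
 * a plugin that says nothing about a feature may still depend on it, so
 * its silence is treated as the allowlist '*'.
 */
function example_merge_feature_policy( array $declared ): string {
	// Every feature that at least one plugin mentioned.
	$features = array();
	foreach ( $declared as $policy ) {
		$features += array_fill_keys( array_keys( $policy ), true );
	}

	$directives = array();
	foreach ( array_keys( $features ) as $feature ) {
		$allow = array();
		foreach ( $declared as $policy ) {
			$origins = $policy[ $feature ] ?? array( '*' ); // silent plugin
			$allow  += array_fill_keys( $origins, true );
		}
		if ( isset( $allow['*'] ) ) {
			$allow = array( '*' => true ); // wildcard subsumes everything
		} elseif ( count( $allow ) > 1 ) {
			unset( $allow["'none'"] ); // 'none' loses to any real origin
		}
		$directives[] = $feature . ' ' . implode( ' ', array_keys( $allow ) );
	}
	return implode( '; ', $directives );
}

// Constructed sample input.
$only_a = array(
	'plugin-a' => array( 'vibrate' => array( "'self'" ) ),
);
$a_and_b = $only_a + array(
	'plugin-b' => array(), // sets no policy at all
);

echo 'Feature-Policy: ', example_merge_feature_policy( $only_a ), "\n";
echo 'Feature-Policy: ', example_merge_feature_policy( $a_and_b ), "\n";
```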
