Permission Delegation API for Iframes

Two main aspects to this feature: 1) Give an embedding page the ability to delegate permissions (such as geolocation) to iframes that are embedded within it. 2) Impose a restriction which prevents iframes from acquiring a permission unless the iframe’s embedder has explicitly delegated it. See https://noncombatant.github.io/permission-delegation-api/

Documentation

• Spec: https://noncombatant.github.io/permission-delegation-api/
• https://lists.w3.org/Archives/Public/public-webappsec/2016Apr/0041.html
• https://lists.w3.org/Archives/Public/public-webappsec/2016Mar/thread.html#msg34
• https://docs.google.com/document/d/1iaocsSuVrU11FFzZwy7EnJNOwxhAHMroWSOEERw5hO0/edit

Status in Chromium

Blink components: Blink

Proposed (launch bug)

Consensus & Standardization

• Firefox: Public skepticism
• Edge: No public signals
• Safari: No public signals
• Web Developers: No signals

Owners

• raymes@chromium.org
• palmer@chromium.org

Last updated on 2017-06-14