Permission Delegation

Currently, iframes on the web can make permission requests and users will be shown permission prompts that contain the origin of the iframe. Making permission decisions for iframes and managing previous decisions is complicated and confusing. To address this problem, we propose that users only ever be required to make permission decisions about the top level origin of a website. It is then up to the top level website to delegate permission to the various iframes which it embeds, if it chooses.

Documentation

• https://docs.google.com/document/d/1x5QejvpyQ71LPWhMLsaM1lWCfSsBsSQ8Dap9kJ6uLv0/edit?ts=5b857603#heading=h.ib6rctasbt3y

Specification

Public discussion

Status in Chromium

Blink components: Blink>PermissionsAPI

Enabled by default (tracking bug) in:

• Chrome for desktop release 71
• Chrome for Android release 71

Consensus & Standardization

• Firefox: No public signals
• Edge: No public signals
• Safari: No public signals
• Web Developers: No signals

Owner

• raymes@chromium.org

Intent to Implement url

Last updated on 2019-03-27