Permissions-Policy header - Chrome Platform Status

Feature: Permissions-Policy header

The Permissions-Policy HTTP header replaces the existing Feature-Policy header for controlling delegation of permissions and powerful features. The header uses a structured syntax, and allows sites to more tightly restrict which origins can be granted access to features.

Motivation

The Feature Policy API was recently renamed to "Permissions Policy", and the HTTP header has been renamed along with it. At the same time, the community has settled on a new syntax, based on Structured Field Values for HTTP.

Documentation

https://github.com/w3c/webappsec-feature-policy/blob/master/permissions-policy-explainer.md

Specification

Editor's draft

Status in Chromium

Blink components: Blink

Enabled by default (tracking bug) in:

Chrome for desktop release 88
Chrome for Android release 88
Android WebView release 88

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

Firefox: Positive
Edge: No signal
Safari: No signal
Web Developers: Positive

Owner

iclelland@chromium.org

Intent to Prototype url

Intent to Prototype thread

Last updated on 2021-02-25