Add Document-Policy header #484

Seirdy · 2022-08-12T04:56:25Z

This header accomplishes the following:

Forbids document.write
Forbids document.domain
Forbids use of profiling APIs
Forbids popups (similar to the overly-agressive "sandbox" CSP
directive; uplifed from the deprecated Feature-Policy header)

These are preffed off in Chromium as "experimental"; the only DP
directive currently enabled in Chromium is "force-load-at-top".

More information:

To try this out, go to "chrome://flags" and enable experimental web
platform features. See implementation status at
https://bugs.chromium.org/p/chromium/issues/detail?id=993790.

thestinger · 2022-08-26T03:30:52Z

@Seirdy We had to rebase the repository to fix some commit messages for a legal reason. Can you rebase this?

This header accomplishes the following: - Forbids document.write - Forbids document.domain - Forbids use of profiling APIs - Forbids popups (similar to the overly-agressive "sandbox" CSP directive; uplifed from the deprecated Feature-Policy header) These are preffed off in Chromium as "experimental"; the only DP directive currently enabled in Chromium is "force-load-at-top". More information: - Document-Policy explainer: https://github.com/wicg/document-policy/blob/main/document-policy-explainer.md - Document-Policy specification: https://wicg.github.io/document-policy/ - Current directives supported in Chromium: https://chromium.googlesource.com/chromium/src/+/refs/heads/main/third_party/blink/renderer/core/permissions_policy/document_policy_features.json5 To try this out, go to "chrome://flags" and enable experimental web platform features. See implementation status at https://bugs.chromium.org/p/chromium/issues/detail?id=993790.

Seirdy force-pushed the feat/document-policy branch from 12f7ed9 to a4a87ed Compare August 12, 2022 04:58

thestinger force-pushed the main branch 10 times, most recently from f68494a to b0b84a0 Compare August 18, 2022 19:51

thestinger force-pushed the main branch 2 times, most recently from c6701d3 to 66132ef Compare August 26, 2022 03:15

Seirdy force-pushed the feat/document-policy branch from a4a87ed to 4d9b999 Compare August 26, 2022 16:34

thestinger force-pushed the main branch from 6fe69c3 to 3208ff8 Compare September 9, 2022 19:15

thestinger force-pushed the main branch from 22e389a to a630f25 Compare September 23, 2022 17:15

thestinger force-pushed the main branch 4 times, most recently from 35468ab to b9f5696 Compare October 14, 2022 02:25

thestinger force-pushed the main branch 6 times, most recently from de0367d to db964d7 Compare October 18, 2022 01:00

thestinger force-pushed the main branch 2 times, most recently from 07c0438 to 0cb1182 Compare October 22, 2022 09:38

thestinger force-pushed the main branch from 36d60a6 to ebdb522 Compare November 28, 2024 02:07

thestinger force-pushed the main branch 13 times, most recently from 6df6261 to 9ff9ebe Compare December 9, 2024 22:49

thestinger force-pushed the main branch 7 times, most recently from 344eae9 to 8889812 Compare December 20, 2024 22:09

thestinger force-pushed the main branch 2 times, most recently from fde2131 to df7ee49 Compare December 29, 2024 21:13

thestinger force-pushed the main branch 5 times, most recently from 5e4c313 to 811e79d Compare January 18, 2025 08:18

thestinger force-pushed the main branch 2 times, most recently from 571f78e to e456753 Compare January 26, 2025 14:19

Provide feedback