Finalize permissions #320
Description
Only a handful are covered so far (cf. #158 )
We may want to add more of what's in the iframe.{sandbox,allow} and Permissions-Policy combos / overlaps
temptative exhaustive overlap matrix (probably don't want most of these but here for completeness
| Feature | Permissions-Policy | allow | sandbox |
|---|---|---|---|
| Scripts & Execution | |||
| JavaScript execution | allow-scripts | ||
| WASM execution | allow-scripts | ||
document.domain | document-domain | document-domain | |
| Origin & Storage | |||
| Same-origin access | allow-same-origin | ||
| Storage Access API | storage-access | storage-access | allow-storage-access-by-user-activation |
| Navigation | |||
| Top navigation | allow-top-navigation | ||
| Top nav (user gesture) | allow-top-navigation-by-user-activation | ||
| Custom protocols | allow-top-navigation-to-custom-protocols | ||
| Popups | allow-popups | ||
| Popups escape sandbox | allow-popups-to-escape-sandbox | ||
| Forms & Modals | |||
| Form submission | allow-forms | ||
alert/confirm/prompt | allow-modals | ||
print() | allow-modals | ||
| Camera & Mic | |||
| Camera | camera | camera | |
| Microphone | microphone | microphone | |
| Speaker selection | speaker-selection | speaker-selection | |
| Screen & Display | |||
| Fullscreen | fullscreen | fullscreen | (no token) |
| Display capture | display-capture | display-capture | |
| Picture-in-Picture | picture-in-picture | picture-in-picture | |
| Window management | window-management | window-management | |
| Orientation & Pointer | |||
| Pointer lock | pointer-lock | pointer-lock | allow-pointer-lock |
| Screen orientation | screen-orientation | screen-orientation | allow-orientation-lock |
| Location & Sensors | |||
| Geolocation | geolocation | geolocation | |
| Accelerometer | accelerometer | accelerometer | |
| Gyroscope | gyroscope | gyroscope | |
| Magnetometer | magnetometer | magnetometer | |
| Ambient light | ambient-light-sensor | ambient-light-sensor | |
| Compute pressure | compute-pressure | compute-pressure | |
| Hardware Access | |||
| USB | usb | usb | |
| Serial | serial | serial | |
| Bluetooth | bluetooth | bluetooth | |
| HID (gamepads, etc.) | hid | hid | |
| Gamepad | gamepad | gamepad | |
| MIDI | midi | midi | |
| Clipboard | |||
| Clipboard read | clipboard-read | clipboard-read | |
| Clipboard write | clipboard-write | clipboard-write | |
| Payment & Credentials | |||
| Payment Request | payment | payment | |
| WebAuthn create | publickey-credentials-create | publickey-credentials-create | |
| WebAuthn get | publickey-credentials-get | publickey-credentials-get | |
| Identity credentials | identity-credentials-get | identity-credentials-get | |
| OTP credentials | otp-credentials | otp-credentials | |
| Media | |||
| Autoplay | autoplay | autoplay | |
| Encrypted media (DRM) | encrypted-media | encrypted-media | |
| Downloads | |||
| Downloads | downloads | downloads | allow-downloads |
| Presentation | |||
| Presentation API | presentation | presentation | allow-presentation |
| Other APIs | |||
| Web Share | web-share | web-share | |
| Idle detection | idle-detection | idle-detection | |
| Local fonts | local-fonts | local-fonts | |
| Screen wake lock | screen-wake-lock | screen-wake-lock | |
| WebXR | xr-spatial-tracking | xr-spatial-tracking | |
| Privacy/Tracking | |||
| Attribution reporting | attribution-reporting | attribution-reporting | |
| Browsing topics | browsing-topics | browsing-topics | |
| Cross-origin isolated | cross-origin-isolated | cross-origin-isolated |