A web platform API which gives a website the ability to allow and deny the use of browser features in its own frame, and in iframes that it embeds. Examples of features that could be controlled by feature policy include:
- getUserMedia (Camera, Speakers and Microphone)
- Fullscreen
- Geolocation
- MIDI
- Payments
- Synchronous XHR
- Synchronous scripts
- Lazyload
- ...
The spec is hosted on this repo, at https://w3c.github.io/webappsec-feature-policy/
For more explanation, use cases, examples, etc., please refer to the explainer document.
Questions, suggestions? Please open an issue or send a pull request!