Controlling powerful features
The permissions policy, formerly called feature policy, lets a page declare which powerful browser features may be used and by whom. It governs capabilities such as camera, microphone, geolocation, and fullscreen, and it applies to the page and to any frames it embeds.
- It allow lists features per origin.
- It applies down into embedded frames.
- A denied feature simply fails for that context.
Why per frame control matters
A page often embeds third party frames for ads or widgets. Without control, an embedded frame could request the camera and prompt the user under your site's banner. The permissions policy lets you grant a feature only to your own origin and explicitly delegate it to a trusted frame through the allow attribute on the iframe.
- Set the header to restrict features for the whole document.
- Use the iframe allow attribute to delegate to a specific frame.
- Default to denying sensitive features and grant narrowly.
This least privilege approach shrinks the surface that a compromised or hostile embed can abuse.
Key idea
The permissions policy allow lists powerful features per origin and per frame so embeds cannot silently request sensitive capabilities.