FYI Private State Token API Permissions Policy Default Allowlist Wildcard #1066
Description
Request for Mozilla Position on an Emerging Web Specification
- Specification title: Private State Token API Permissions Policy Default Allowlist Wildcard
- Specification or proposal URL (if available): Consider making permission defaults * instead of self WICG/trust-token-api#306
- Explainer URL (if available): https://github.com/WICG/trust-token-api/blob/main/README.md
- Proposal author(s) (
@-mention GitHub accounts): @arichiv, @aykutbulut, @dvorak42, @krgovind - Issue URL (optional): https://chromestatus.com/feature/5205548434456576
- WebKit standards-position: FYI Private State Token API Permissions Policy Default Allowlist Wildcard WebKit/standards-positions#391
- TAG Review: FYI Private State Token API Permissions Policy Default Allowlist Wildcard w3ctag/design-reviews#990
- Past Evaluation: Private State Token API #262
Other information
Access to the Private State Token API is gated by Permissions Policy features. We proposed to update the default allowlist for both private-state-token-issuance and private-state-token-redemption features from self to * (wildcard).