Permissions delegated from the top-level context to a fenced frame for allowing and denying features could be used as a communication channel, so constitute a privacy threat. As a result, standard web features that can have their availability controlled via Permissions Policy (for example, `camera` or `geolocation`) are not available within fenced frames.
The only features that can be enabled by a policy inside fenced frames are the specific features designed to be used inside fenced frames:
- Protected Audience API
  - `attribution-reporting`
  - `private-aggregation`
  - `shared-storage`
  - `shared-storage-select-url`
- Shared Storage API
  - `attribution-reporting`
  - `private-aggregation`
  - `shared-storage`
  - `shared-storage-select-url`
Currently these are always enabled inside fenced frames. In the future, which ones are enabled will be controllable using the `<fencedframe>` `allow` attribute. Blocking privacy sandbox features in this manner will also block the fenced frame from loading — there will be no communication channel at all.