← Back to release summary

web-share permission policy

Category

Miscellaneous

Type

New or changed feature

Status

Enabled by default (Chrome 110)

Intent stage

Prepare to ship

Summary

Controls access to navigator.share(). By default, third-party iframes do not have permission to use the Web Share API.

Motivation

Third party iframes could previously use navigator.share() without explicit permission from the site. The new permission policy's default allowlist is 'self', preventing such abuse. Organizations that want to prevent sharing will be able to define an enterprise policy.

Standards & signals

• Specification: https://w3c.github.io/web-share/#permissions-policy
• Firefox: Shipped/Shipping
• Safari: Shipped/Shipping — CL recently merged: https://github.com/WebKit/WebKit/commit/ded7a6094a6ca38833e63a7915b7b6a2832f5734
• Web developers: No signals
• Tracking bug: https://bugs.chromium.org/p/chromium/issues/detail?id=1079104

Docs: https://w3c.github.io/web-share

Samples: https://scrawny-bottlenose-somersault.glitch.me/share-from-iframes.html

Explainers: https://github.com/w3c/web-share/blob/master/docs/explainer.md

View on chromestatus.com