It’s proposed that by default the following permissions cannot be requested or granted to content contained in cross-origin iframes: Geolocation Midi Encrypted media extensions Microphone and Camera In order for a cross-origin frame to get access to these permissions, the embedding page must specify a Feature Policy which enables the feature for the frame. For example, to enable geolocation in an iframe, the embedder could specify the iframe tag as: <iframe src="..." allow="geolocation">


Status in Chromium


Enabled by default (tracking bug)

Consensus & Standardization

After a feature ships in Chrome, the values listed here are not guaranteed to be up to date.

  • No signal
  • No signal
  • No signals



Spec bugs: -Geolocation: -EME: -Midi: -Mic/Camera:

Last updated on 2021-09-24