The Permissions Policy Guide has been moved to services/network/public/cpp/permissions_policy/README.md
Document Policy (see spec) is a similar mechanism to Permissions Policy. It is intended to cover those kinds of features which don't involve delegation of permission to trusted origins; features which are more about configuring a document, or removing features (sandboxing) from a document or a frame. Document Policy can only be set through an HTTP header, and is not inherited by subframes.
Example HTTP header: Document-Policy: force-load-at-top=?0, lossy-images-max-bpp=1.0
force-load-at-top is set to boolean value false (?0 in Structured Field syntax), i.e. the feature is disallowed in current document;
lossy-images-max-bpp is set to 1.0, i.e. lossy image format (e.g. jpeg) images with byte per pixel rate higher than 1.0 will be blocked.
If the additional feature is unshipped, or if the correct behaviour with document policy is undetermined, consider shipping the feature behind a runtime-enabled feature.
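To make the example Document-Policy header above concrete, the following added sketch (not Chromium's parser and not code from this guide) reads such a header value into a feature map and rejects malformed members so a caller can fail closed. The names PolicyValue, Trim and ParseDocumentPolicy are hypothetical, and only the Structured Field subset shown on this page (booleans, bare keys, plain numbers) is handled.

```cpp
// Added example: simplified Document-Policy header parser (not Chromium's code).
// Handles only booleans (?0 / ?1), bare keys (true) and plain numbers.
#include <cstdlib>
#include <map>
#include <sstream>
#include <string>

struct PolicyValue {
  bool is_bool;   // true: boolean feature, false: numeric threshold
  bool flag;      // valid when is_bool
  double number;  // valid when !is_bool
};

static std::string Trim(const std::string& s) {
  size_t b = s.find_first_not_of(" \t");
  if (b == std::string::npos) return "";
  size_t e = s.find_last_not_of(" \t");
  return s.substr(b, e - b + 1);
}

// Returns false on any malformed member so that a partially parsed policy
// is never applied.
bool ParseDocumentPolicy(const std::string& header,
                         std::map<std::string, PolicyValue>* out) {
  out->clear();
  std::stringstream ss(header);
  std::string member;
  while (std::getline(ss, member, ',')) {
    member = Trim(member.substr(0, member.find(';')));  // drop parameters
    if (member.empty()) return false;
    size_t eq = member.find('=');
    std::string key = Trim(member.substr(0, eq));
    if (key.empty()) return false;
    PolicyValue v = {true, true, 0.0};  // bare key means boolean true
    if (eq != std::string::npos) {
      std::string raw = Trim(member.substr(eq + 1));
      if (raw == "?0" || raw == "?1") {
        v.flag = (raw == "?1");
      } else {
        char* end = nullptr;
        v.number = std::strtod(raw.c_str(), &end);
        if (raw.find_first_not_of("-0123456789.") != std::string::npos ||
            end == raw.c_str() || *end != '\0') return false;
        v.is_bool = false;
      }
    }
    (*out)[key] = v;
  }
  return !out->empty();
}
```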
Document policy features are defined in third_party/blink/renderer/core/permissions_policy/document_policy_features.json5. Add the new feature, placing any runtime-enabled feature or origin trial dependencies in its “depends_on” field as described in the file's comments.
Append the new feature enum with a brief description as well in third_party/blink/public/mojom/permissions_policy/document_policy_feature.mojom
The most common way to check if features are enabled is ExecutionContext::IsFeatureEnabled.
Please add new tests to third_party/blink/web_tests/external/wpt/document-policy/.
For more questions, please feel free to reach out to: iclelland@chromium.org (Emerita: loonybear@)