Add 'allow' tag to iframe allowed attributes

Idea created by Ian Anderson on Feb 20, 2018
    Open for Voting
    Score6
    • Ian Anderson
    • John von Seggern
    • Chris Plapp
    • Jake Wang
    • Andrew Gallacher
    • Adam Young

    In Google Chrome's recent update (version 64) they removed support for certain functionality in cross-origin iframes unless you use the 'allow' attribute to explicitly allow it. Without this attribute, content cannot be embedded within Canvas that includes encrypted media, uses the microphone or camera, etc. This includes embedding any video that requires DRM.

     

    To learn more about this issue, please see: https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes

     

    The solution described in this article (using the allow attribute) is not currently possible in Canvas. Use of the 'allow' iframe attribute needs to be permitted to resolve this issue.