initial commit

3 files changed, 229 insertions, 0 deletions

diff --git a/files/zh-cn/web/http/headers/feature-policy/autoplay/index.html b/files/zh-cn/web/http/headers/feature-policy/autoplay/index.html
new file mode 100644
index 0000000000..88dc07c786
--- /dev/null
+++ b/files/zh-cn/web/http/headers/feature-policy/autoplay/index.html
@@ -0,0 +1,52 @@
+---
+title: 'Feature-Policy: autoplay'
+slug: Web/HTTP/Headers/Feature-Policy/autoplay
+translation_of: Web/HTTP/Headers/Feature-Policy/autoplay
+---
+<div>{{HTTPSidebar}} {{SeeCompatTable}}</div>
+
+<p><span class="seoSummary">The HTTP {{HTTPHeader("Feature-Policy")}} header <code>autoplay</code> directive controls whether the current document is allowed to autoplay media requested through the {{domxref("HTMLMediaElement")}} interface.</span> When this policy is enabled and there were no user gestures, the {{domxref("Promise")}} returned by {{domxref("HTMLMediaElement.play()")}} will reject with a <code>DOMException</code>. The {{htmlattrxref("autoplay", "audio")}} attribute on {{HTMLElement("audio")}} and {{HTMLElement("video")}} elements will be ignored.</p>
+
+<p>For more details on autoplay and autoplay blocking, see the article <a href="/en-US/docs/Web/Media/Autoplay_guide">Autoplay guide for media and Web Audio APIs</a>.</p>
+
+<h2 id="语法">语法</h2>
+
+<pre class="syntaxbox">Feature-Policy: autoplay &lt;可选&gt;;</pre>
+
+<dl>
+ <dt>&lt;allowlist&gt;</dt>
+ <dd>{{page("Web/HTTP/Feature_Policy/Using_Feature_Policy", "allowlist")}} 默认值是<code>'self'</code>.</dd>
+</dl>
+
+<h2 id="参考说明">参考说明</h2>
+
+<table class="standard-table">
+ <thead>
+  <tr>
+   <th scope="col">参考说明</th>
+   <th scope="col">状态</th>
+   <th scope="col">注解</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>{{SpecName('Feature Policy')}}</td>
+   <td>{{Spec2('Feature Policy')}}</td>
+   <td>Initial definition.</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="浏览器兼容性支持">浏览器兼容性支持</h2>
+
+
+
+<p>{{Compat("http.headers.Feature-Policy.autoplay")}}</p>
+
+<h2 id="See_also">See also</h2>
+
+<ul>
+ <li>{{HTTPHeader("Feature-Policy")}} header</li>
+ <li><a href="/en-US/docs/Web/HTTP/Feature_Policy">Feature Policy</a></li>
+ <li><a href="/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy">Using Feature Policy</a></li>
+</ul>
diff --git a/files/zh-cn/web/http/headers/feature-policy/camera/index.html b/files/zh-cn/web/http/headers/feature-policy/camera/index.html
new file mode 100644
index 0000000000..b2c71e2f36
--- /dev/null
+++ b/files/zh-cn/web/http/headers/feature-policy/camera/index.html
@@ -0,0 +1,54 @@
+---
+title: 'Feature-Policy: camera'
+slug: Web/HTTP/Headers/Feature-Policy/camera
+translation_of: Web/HTTP/Headers/Feature-Policy/camera
+---
+<div>{{HTTPSidebar}}</div>
+
+<p><span class="seoSummary">HTTP{{HTTPHeader("Feature-Policy")}} 头当中的<code>camera</code></span>指令控制着当前的文档是否允许使用视频输入设备。当这些策略被开启时，由<span class="seoSummary">{{domxref("MediaDevices.getUserMedia()")}} 返回的{{jsxref("Promise")}}将会reject一个 {{domxref("NotAllowedError")}}错误。</span></p>
+
+<h2 id="语法结构">语法结构</h2>
+
+<pre class="syntaxbox">Feature-Policy: camera &lt;allowlist&gt;;</pre>
+
+<dl>
+ <dt>&lt;allowlist&gt;</dt>
+ <dd>{{page("Web/HTTP/Feature_Policy/Using_Feature_Policy", "allowlist")}}</dd>
+</dl>
+
+<h2 id="默认策略">默认策略</h2>
+
+<p>默认值为 <code>'self'。</code></p>
+
+<h2 id="定义">定义</h2>
+
+<table class="standard-table">
+ <thead>
+  <tr>
+   <th scope="col">Specification</th>
+   <th scope="col">Status</th>
+   <th scope="col">Comment</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>{{SpecName('Feature Policy')}}</td>
+   <td>{{Spec2('Feature Policy')}}</td>
+   <td>最初的定义。</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="浏览器兼容性">浏览器兼容性</h2>
+
+
+
+<p>{{Compat('http.headers.Feature-Policy.camera')}}</p>
+
+<h2 id="See_also">See also</h2>
+
+<ul>
+ <li>{{HTTPHeader("Feature-Policy")}} header</li>
+ <li><a href="/en-US/docs/Web/HTTP/Feature_Policy">Feature Policy</a></li>
+ <li><a href="/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy">Using Feature Policy</a></li>
+</ul>
diff --git a/files/zh-cn/web/http/headers/feature-policy/index.html b/files/zh-cn/web/http/headers/feature-policy/index.html
new file mode 100644
index 0000000000..ee0321900a
--- /dev/null
+++ b/files/zh-cn/web/http/headers/feature-policy/index.html
@@ -0,0 +1,123 @@
+---
+title: Feature-Policy
+slug: Web/HTTP/Headers/Feature-Policy
+translation_of: Web/HTTP/Headers/Feature-Policy
+---
+<div>{{HTTPSidebar}} {{SeeCompatTable}}</div>
+
+<div> </div>
+
+<div><strong><code>Feature-Policy</code></strong>响应头提供了一种可以在本页面或包含的iframe上启用或禁止浏览器特性的机制。</div>
+
+<p>更多的信息，请查看<a href="/docs/Web/HTTP/Feature_Policy">Feature Policy</a></p>
+
+<table class="properties">
+ <tbody>
+  <tr>
+   <th scope="row">Header type</th>
+   <td>{{Glossary("Response header")}}</td>
+  </tr>
+  <tr>
+   <th scope="row">{{Glossary("Forbidden header name")}}</th>
+   <td>yes</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="语法">语法</h2>
+
+<pre class="syntaxbox">Feature-Policy: &lt;directive&gt; &lt;allowlist&gt;</pre>
+
+<p><strong>&lt;allowlist&gt;</strong></p>
+
+<ul>
+ <li><code>*</code>: 允许在当前文档和所有包含的内容（比如iframes）中使用本特性。</li>
+ <li><code>'self'</code>: 允许在当前文档中使用本特性，但在包含的内容（比如iframes）仍使用原值。</li>
+ <li><code>'src'</code>: (只在iframe中允许) 只要在{{HTMLElement('iframe','src','#Attributes')}} 中的URL和加载iframe用的URL相同，则本特性在iframe中允许，</li>
+ <li><code>'none'</code>: 从最上层到包含的内容都禁止本特性。 &lt;origin(s)&gt;: 在特定的源中允许，源URL以空格分割。</li>
+</ul>
+
+<ul>
+ <li><code>*</code>: 本特性默认在最上层和包含的内容中（iframes）允许。</li>
+ <li><code>'self'</code>: 本特性默认在最上层允许，而包含的内容中（iframes）使用源地址相同设定。也就是说本特性在iframe中不允许跨域访问。</li>
+ <li><code>'none'</code>: 本特性默认在最上层和包含的内容中（iframes）都禁止。</li>
+</ul>
+
+<p><code>*</code>(在所有源地址启用)<code><font face="Arial, x-locale-body, sans-serif">或</font>'none'</code>(在所有源地址禁用)只允许单独使用，而<code>'self'</code>和<code>'src'</code>可以与多个源地址一起使用。</p>
+
+<p>所有的特性都有一个如下的默认的allowlist</p>
+
+<ul>
+ <li><code>*</code>: 本特性默认在最上层和包含的内容中（iframes）允许。</li>
+ <li><code>'self'</code>: 本特性默认在最上层允许，而包含的内容中（iframes）使用源地址相同设定。也就是说本特性在iframe中不允许跨域访问。</li>
+ <li><code>'none'</code>: 本特性默认在最上层和包含的内容中（iframes）都禁止。</li>
+</ul>
+
+<h2 id="指令">指令</h2>
+
+<dl>
+ <dt>{{httpheader('Feature-Policy/autoplay','autoplay')}}</dt>
+ <dd>控制是否允许当前文档自动播放媒体。这种控制是通过接口 {{domxref("HTMLMediaElement")}} 来实现。当这种规则被启用，而且没有用户操作的时候，{{domxref("HTMLMediaElement.play()")}}返回的 {{domxref("Promise")}}会拒绝并抛出一个<code>DOMException</code>异常。在{{HTMLELement("audio")}}和{{HTMLELement("video")}}上的autoplay属性会被忽略。</dd>
+ <dt>{{httpheader('Feature-Policy/camera', 'camera')}}</dt>
+ <dd>控制是否允许当前文档使用视频输入设备。当这种规则被启用时，{{domxref("MediaDevices.getUserMedia()")}}返回的the {{jsxref("Promise")}}会拒绝并抛出错误<code>NotAllowedError。</code></dd>
+ <dt>{{httpheader('Feature-Policy/document-domain','document-domain')}}</dt>
+ <dd>控制是否允许当前文档设置{{domxref("document.domain")}}。当这种规则被启用时，尝试设置{{domxref("document.domain")}}会失败并抛出<code>SecurityError </code>{{domxref("DOMException")}}异常。</dd>
+ <dt>{{httpheader('Feature-Policy/encrypted-media', 'encrypted-media')}}</dt>
+ <dd>控制是否允许当前文档使用<a href="/en-US/docs/Web/API/Encrypted_Media_Extensions_API">Encrypted Media Extensions</a> API (EME)。当这种规则被启用时，{{domxref("Navigator.requestMediaKeySystemAccess()")}}返回的{{domxref("Promise")}}会拒绝并抛出<code>DOMException</code>异常。</dd>
+ <dt>{{httpheader('Feature-Policy/fullscreen','fullscreen')}}</dt>
+ <dd>控制是否允许当前文档使用{{domxref('Element.requestFullScreen()')}}。当这种规则被启用时，返回的{{jsxref('Promise')}}会拒绝并抛出{{jsxref('TypeError')}}。</dd>
+ <dt>{{httpheader('Feature-Policy/geolocation','geolocation')}}</dt>
+ <dd>控制是否允许当前文档使用{{domxref('Geolocation')}}接口。当这种规则被启用时，调用{{domxref('Geolocation.getCurrentPosition','getCurrentPosition()')}}和{{domxref('Geolocation.watchPosition','watchPosition()')}}会返回包含<code>PERMISSION_DENIED</code>的 {{domxref('PositionError')}}。</dd>
+ <dt>{{httpheader('Feature-Policy/microphone','microphone')}}</dt>
+ <dd>控制是否允许当前文档使用音频输入设备。当这种规则被启用时，{{domxref("MediaDevices.getUserMedia()")}}返回的the {{jsxref("Promise")}}会拒绝并抛出错误<code>NotAllowedError。</code></dd>
+ <dt>{{httpheader('Feature-Policy/midi', 'midi')}}</dt>
+ <dd>控制是否允许当前文档使用<a href="/en-US/docs/Web/API/Web_MIDI_API">Web MIDI API</a>。当这种规则被启用时，{{domxref("Navigator.requestMIDIAccess()")}} 返回的the {{jsxref("Promise")}}会拒绝并抛出错误<code>DOMException。</code></dd>
+ <dt>{{httpheader('Feature-Policy/payment', 'payment')}}</dt>
+ <dd>控制是否允许当前文档使用<a href="/en-US/docs/Web/API/Payment_Request_API">Payment Request API</a>。当这种规则被启用时，构造器{{domxref("PaymentRequest()")}} 会抛出错误<code>SecurityError。</code></dd>
+ <dt>{{httpheader('Feature-Policy/vr', 'vr')}} / <code>xr</code></dt>
+ <dd>控制是否允许当前文档使用<a href="/en-US/docs/Web/API/WebVR_API">WebVR API</a>。当这种规则被启用时，{{domxref("Navigator.getVRDisplays()")}} 返回的the {{jsxref("Promise")}}会拒绝并抛出错误<code>DOMException。</code></dd>
+</dl>
+
+<h2 id="示例">示例</h2>
+
+<p>SecureCorp Inc. 公司想要在应用中禁用震动和定位API，则可以在返回的response中传递以下定义feature policy的HTTP的头部信息：</p>
+
+<pre>Feature-Policy: vibrate 'none'; geolocation 'none'
+</pre>
+
+<p>通过使用<code>'none'</code>关键词，不管原来如何设定，这些特性在所有浏览的上下文中都会被禁用。</p>
+
+<h2 id="规范">规范</h2>
+
+<table class="standard-table">
+ <thead>
+  <tr>
+   <th scope="col">Specification</th>
+   <th scope="col">Status</th>
+   <th scope="col">Comment</th>
+  </tr>
+ </thead>
+ <tbody>
+  <tr>
+   <td>{{SpecName('Feature Policy','#feature-policy-http-header-field','Feature-Policy')}}</td>
+   <td>{{Spec2('Feature Policy')}}</td>
+   <td>Initial definition.</td>
+  </tr>
+ </tbody>
+</table>
+
+<h2 id="浏览器兼容">浏览器兼容</h2>
+
+
+
+<p>{{Compat("http.headers.Feature-Policy")}}</p>
+
+<h2 id="参见">参见</h2>
+
+<ul>
+ <li><a href="/en-US/docs/Web/HTTP/Feature_Policy">Feature Policy</a></li>
+ <li><a href="/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy">Using Feature Policy</a></li>
+ <li><a class="external external-icon" href="https://chrome.google.com/webstore/detail/feature-policy-tester-dev/pchamnkhkeokbpahnocjaeednpbpacop" rel="noopener">Feature-Policy Tester (Chrome Developer Tools extension)</a></li>
+ <li>{{HTTPHeader("Content-Security-Policy")}}</li>
+ <li>{{HTTPHeader("Referrer-Policy")}}</li>
+</ul>