API Review: Origin Configuration API by chetanpandey1266 · Pull Request #5511 · MicrosoftEdge/WebView2Feedback

chetanpandey1266 · 2026-02-05T07:06:25Z

This pull request introduces a new specification for origin configuration support in WebView2, enabling applications to apply different security and feature policies based on the trust level of content origins. The changes provide APIs for designating origin configurations and configuring feature access and security settings per origin, addressing previous limitations around uniform policy enforcement.

Origin Configuration API and Feature Management:

Added APIs to CoreWebView2Profile for creating, setting, and retrieving feature settings for origin configurations, allowing fine-grained control over security and feature policies.
Defined new interfaces and enums (ICoreWebView2StagingProfile3, ICoreWebView2StagingOriginConfigurationFeatureSetting, and COREWEBVIEW2_ORIGIN_CONFIGURATION_FEATURE) to represent origin-specific feature configurations, including AccentColor and EnhancedSecurityMode.

Usage Examples and API Details:

Provided C++ and .NET/WinRT code samples demonstrating how to set and get origin configuration feature settings, including support for wildcard origin patterns.
Documented API details for both C++ and .NET/WinRT, specifying method signatures and usage for managing origin configuration features.

…OriginNewApproach-draft API Review: Origin Feature Configuration APIs

chetanpandey1266 · 2026-02-05T07:08:06Z

specs/TrustedOriginSetting.md

+  /// is particularly useful for protecting against zero-day exploits and reducing attack
+  /// surface. When enabled for an origin, that origin will have Enhanced Security Mode
+  /// applied; when disabled, normal security mode is used.
+  /// Enhanced security mode can be configured globally via EnhancedSecurityModeLevel API on profile.


For configuring Enhanced Security Mode globally, the API is in discussion and might change. Will update this document based on that

chetanpandey1266 added 17 commits December 11, 2025 13:51

trusted origin API draft

f7d6290

some minor updates

678d745

improve comments

753bca1

added Get sample and made changes to API surface

507a3ea

updated state

b1a44d5

update the comment for SetTrustedOriginFeatures

1dc9a0b

update the description and sample

319191b

PR comments

80f04f6

make improvements in background

f7fd8f2

removed trusted, updated sample and ref doc

f868ac0

removed persistent storage enum

657c3fc

bool to feature state, missed it before

85a5cb0

table with wildcard patterns

b792b84

resolving comments

de84be9

rename to GetEffectiveFeaturesForOrigin

74ea833

reset feature setting

db11473

Merge pull request #5462 from MicrosoftEdge/user/chetanpandey/Trusted…

64e9d9e

…OriginNewApproach-draft API Review: Origin Feature Configuration APIs

chetanpandey1266 added the API Proposal Review WebView2 API Proposal for review. label Feb 5, 2026

chetanpandey1266 commented Feb 5, 2026

View reviewed changes

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

API Review: Origin Configuration API#5511

API Review: Origin Configuration API#5511
chetanpandey1266 wants to merge 17 commits intomainfrom
user/chetanpandey/TrustedOriginNewApproach

chetanpandey1266 commented Feb 5, 2026

Uh oh!

chetanpandey1266 Feb 5, 2026

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant

Conversation

chetanpandey1266 commented Feb 5, 2026

Origin Configuration API and Feature Management:

Usage Examples and API Details:

Uh oh!

chetanpandey1266 Feb 5, 2026

Choose a reason for hiding this comment

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

1 participant