Action Dispatch PermissionsPolicy
Configures the HTTP Feature-Policy response header to specify which browser features the current document and its iframes can use.
Example global policy:
Rails.application.config.permissions_policy do |policy|
policy.camera :none
policy.gyroscope :none
policy.microphone :none
policy.usb :none
policy.fullscreen :self
policy.payment :self, "https://secure.example.com"
end
The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isnβt yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.
Namespace
Module
Class
Methods
Attributes
[R] | directives |
Class Public methods
new()
π Source code
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 111
def initialize
@directives = {}
yield self if block_given?
end
π See on GitHub
Instance Public methods
build(context = nil)
π Source code
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 130
def build(context = nil)
build_directives(context).compact.join("; ")
end
π See on GitHub
initialize_copy(other)
π Source code
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 116
def initialize_copy(other)
@directives = other.directives.deep_dup
end
π See on GitHub