Class: ActionDispatch::PermissionsPolicy
Relationships & Source Files | |
Namespace Children | |
Modules:
| |
Classes:
| |
Inherits: | Object |
Defined in: | actionpack/lib/action_dispatch/http/permissions_policy.rb |
Overview
Configures the HTTP Feature-Policy response header to specify which browser features the current document and its iframes can use.
Example global policy:
Rails.application.config. do |policy|
policy.camera :none
policy.gyroscope :none
policy.microphone :none
policy.usb :none
policy.fullscreen :self
policy.payment :self, "https://secure.example.com"
end
The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn’t yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.
Constant Summary
-
DIRECTIVES =
private
List of available permissions can be found at github.com/w3c/webappsec-permissions-policy/blob/main/features.md#policy-controlled-features
{ accelerometer: "accelerometer", ambient_light_sensor: "ambient-light-sensor", autoplay: "autoplay", camera: "camera", encrypted_media: "encrypted-media", fullscreen: "fullscreen", geolocation: "geolocation", gyroscope: "gyroscope", hid: "hid", idle_detection: "idle-detection", magnetometer: "magnetometer", microphone: "microphone", midi: "midi", payment: "payment", picture_in_picture: "picture-in-picture", screen_wake_lock: "screen-wake-lock", serial: "serial", sync_xhr: "sync-xhr", usb: "usb", web_share: "web-share", }.freeze
-
MAPPINGS =
private
# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 75{ self: "'self'", none: "'none'", }.freeze
Class Method Summary
- .new {|_self| ... } ⇒ PermissionsPolicy constructor
Instance Attribute Summary
- #directives readonly
Instance Method Summary
Constructor Details
.new {|_self| ... } ⇒ PermissionsPolicy
# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 109
def initialize @directives = {} yield self if block_given? end
Instance Attribute Details
#directives (readonly)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 107
attr_reader :directives
Instance Method Details
#build(context = nil)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 147
def build(context = nil) build_directives(context).compact.join("; ") end
#initialize_copy(other)
[ GitHub ]# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 114
def initialize_copy(other) @directives = other.directives.deep_dup end