Class: ActionDispatch::PermissionsPolicy

Relationships & Source Files
Namespace Children
Modules: `Request`
Classes: `Middleware`
Inherits:	Object
Defined in:	actionpack/lib/action_dispatch/http/permissions_policy.rb

Overview

Configures the HTTP Feature-Policy response header to specify which browser features the current document and its iframes can use.

Example global policy:

Rails.application.config.permissions_policy do |policy|
  policy.camera      :none
  policy.gyroscope   :none
  policy.microphone  :none
  policy.usb         :none
  policy.fullscreen  :self
  policy.payment     :self, "https://secure.example.com"
end

The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn’t yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.

Constant Summary

DIRECTIVES = private

List of available permissions can be found at github.com/w3c/webappsec-permissions-policy/blob/main/features.md#policy-controlled-features

# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 82

{
  accelerometer:        "accelerometer",
  ambient_light_sensor: "ambient-light-sensor",
  autoplay:             "autoplay",
  camera:               "camera",
  encrypted_media:      "encrypted-media",
  fullscreen:           "fullscreen",
  geolocation:          "geolocation",
  gyroscope:            "gyroscope",
  hid:                  "hid",
  idle_detection:       "idle_detection",
  magnetometer:         "magnetometer",
  microphone:           "microphone",
  midi:                 "midi",
  payment:              "payment",
  picture_in_picture:   "picture-in-picture",
  screen_wake_lock:     "screen-wake-lock",
  serial:               "serial",
  sync_xhr:             "sync-xhr",
  usb:                  "usb",
  web_share:            "web-share",
}.freeze

MAPPINGS = private
# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 75
```
{
  self: "'self'",
  none: "'none'",
}.freeze
```

Class Method Summary

.new {|_self| ... } ⇒ PermissionsPolicy constructor

Instance Attribute Summary

#directives readonly

Constructor Details

.new {|_self| ... } ⇒ `PermissionsPolicy`

Yields:

(_self)

Yield Parameters:

_self (PermissionsPolicy) —

the object that the method was called on

[ GitHub ]

# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 109


def initialize
  @directives = {}
  yield self if block_given?
end

Instance Attribute Details

#directives (readonly)

[ GitHub ]

# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 107


attr_reader :directives

Instance Method Details

#build(context = nil)

[ GitHub ]

# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 147


def build(context = nil)
  build_directives(context).compact.join("; ")
end

#initialize_copy(other)

[ GitHub ]

# File 'actionpack/lib/action_dispatch/http/permissions_policy.rb', line 114


def initialize_copy(other)
  @directives = other.directives.deep_dup
end

Class: ActionDispatch::PermissionsPolicy

Overview

Constant Summary

Class Method Summary

Instance Attribute Summary

Instance Method Summary

Constructor Details

.new {|_self| ... } ⇒ PermissionsPolicy

Instance Attribute Details

#directives (readonly)

Instance Method Details

#build(context = nil)

#initialize_copy(other)

.new {|_self| ... } ⇒ `PermissionsPolicy`