Action Dispatch PermissionsPolicy

Configures the HTTP Feature-Policy response header to specify which browser features the current document and its iframes can use.

Example global policy:

Rails.application.config.permissions_policy do |policy|
  policy.camera      :none
  policy.gyroscope   :none
  policy.microphone  :none
  policy.usb         :none
  policy.fullscreen  :self
  policy.payment     :self, "https://secure.example.com"
end

The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn’t yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.

Namespace

Methods

B

build

I

initialize_copy

N

Attributes

[R]

directives

Class Public methods

new() Link

Source: show | on GitHub

# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 116
def initialize
  @directives = {}
  yield self if block_given?
end

Instance Public methods

build(context = nil) Link

Source: show | on GitHub

# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 154
def build(context = nil)
  build_directives(context).compact.join("; ")
end

initialize_copy(other) Link

Source: show | on GitHub

# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 121
def initialize_copy(other)
  @directives = other.directives.deep_dup
end

Class ActionDispatch::PermissionsPolicy < Object

Action Dispatch PermissionsPolicy

Attributes

Class Public methods

new() Link

Instance Public methods

build(context = nil) Link

initialize_copy(other) Link