The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn't yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 16 def initialize(app) @app = app end
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 20 def call(env) request = ActionDispatch::Request.new(env) _, headers, _ = response = @app.call(env) return response unless html_response?(headers) return response if policy_present?(headers) if policy = request.permissions_policy headers[POLICY] = policy.build(request.controller_instance) end if policy_empty?(policy) headers.delete(POLICY) end response end