The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn't yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.
Class Public methods
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 32 def initialize(app) @app = app end
Instance Public methods
# File actionpack/lib/action_dispatch/http/permissions_policy.rb, line 36 def call(env) request = ActionDispatch::Request.new(env) _, headers, _ = response = @app.call(env) return response unless html_response?(headers) return response if policy_present?(headers) if policy = request.permissions_policy headers[POLICY] = policy.build(request.controller_instance) end if policy_empty?(policy) headers.delete(POLICY) end response end