module ActionController::PermissionsPolicy
HTTP Permissions Policy is a web standard for defining a mechanism to allow and deny the use of browser permissions in its own context, and in content within any <iframe> elements in the document.
Full details of HTTP Permissions Policy specification and guidelines can be found at MDN:
developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Examples of usage:
# Global policy
Rails.application.config.permissions_policy do |f|
f.camera :none
f.gyroscope :none
f.microphone :none
f.usb :none
f.fullscreen :self
f.payment :self, "https://secure.example.com"
end
# Controller level policy
class PagesController < ApplicationController
permissions_policy do |p|
p.geolocation "https://example.com"
end
end
© 2004–2020 David Heinemeier Hansson
Licensed under the MIT License.