class ActionDispatch::PermissionsPolicy
end
policy.payment :self, “secure.example.com”
policy.fullscreen :self
policy.usb :none
policy.microphone :none
policy.gyroscope :none
policy.camera :none
Rails.application.config.permissions_policy do |policy|
Example global policy:
its iframes can use.
response header to specify which browser features the current document and
Configures the HTTP
:nodoc:
def apply_mapping(source)
def apply_mapping(source) MAPPINGS.fetch(source) do raise ArgumentError, "Unknown HTTP permissions policy source mapping: #{source.inspect}" end end
def apply_mappings(sources)
def apply_mappings(sources) sources.map do |source| case source when Symbol apply_mapping(source) when String, Proc source else raise ArgumentError, "Invalid HTTP permissions policy source: #{source.inspect}" end end end
def build(context = nil)
def build(context = nil) build_directives(context).compact.join("; ") end
def build_directive(sources, context)
def build_directive(sources, context) sources.map { |source| resolve_source(source, context) } end
def build_directives(context)
def build_directives(context) @directives.map do |directive, sources| if sources.is_a?(Array) "#{directive} #{build_directive(sources, context).join(' ')}" elsif sources directive else nil end end end
def initialize
def initialize @directives = {} yield self if block_given? end
def initialize_copy(other)
def initialize_copy(other) @directives = other.directives.deep_dup end
def resolve_source(source, context)
def resolve_source(source, context) case source when String source when Symbol source.to_s when Proc if context.nil? raise RuntimeError, "Missing context for the dynamic permissions policy source: #{source.inspect}" else context.instance_exec(&source) end else raise RuntimeError, "Unexpected permissions policy source: #{source.inspect}" end end