method

permissions_policy

v8.1.1 - Show latest stable - 0 notes - Class: ClassMethods

1.0.0
1.1.6
1.2.6
2.0.3
2.1.0
2.2.1
2.3.8
3.0.0
3.0.9
3.1.0
3.2.1
3.2.8
3.2.13
4.0.2
4.1.8
4.2.1
4.2.7
4.2.9
5.0.0.1
5.1.7
5.2.3
6.0.0
6.1.3.1 (0)
6.1.7.7 (0)
7.0.0 (0)
7.1.3.2 (38)
7.1.3.4 (0)
7.2.3 (1)
8.0.0 (0)
8.1.1 (13)
What's this?

permissions_policy(**options, &block) public

Overrides parts of the globally configured `Feature-Policy` header:

class PagesController < ApplicationController
  permissions_policy do |policy|
    policy.geolocation "https://example.com"
  end
end

Options can be passed similar to `before_action`. For example, pass `only: :index` to override the header on the index action only:

class PagesController < ApplicationController
  permissions_policy(only: :index) do |policy|
    policy.camera :self
  end
end

Requires a global policy defined in an initializer, which can be empty:

Rails.application.config.permissions_policy do |policy|
  # policy.gyroscope :none
end

Show source

# File actionpack/lib/action_controller/metal/permissions_policy.rb, line 33
      def permissions_policy(**options, &block)
        before_action(options) do
          unless request.respond_to?(:permissions_policy)
            raise "Cannot override permissions_policy if no global permissions_policy configured."
          end
          if block_given?
            policy = request.permissions_policy.clone
            instance_exec(policy, &block)
            request.permissions_policy = policy
          end
        end
      end

permissions_policy

Related methods