class ActionDispatch::PermissionsPolicy

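Configures the HTTP Feature-Policy response header, which tells the browser which features (camera, microphone, payment and so on) the current document and the iframes it embeds are allowed to use. Despite the class name, the value produced by build follows the Feature-Policy syntax (directives separated by "; ", each followed by its space-separated sources), not the structured syntax of the newer Permissions-Policy header.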

Example global policy:

# Application-wide policy. Symbol sources (:none, :self) are shorthand that is
# looked up in MAPPINGS -- presumably via apply_mappings, where an unknown symbol
# raises ArgumentError; string sources are kept exactly as written.
# The order of the calls is the order in which the directives are stored.
Rails.application.config.permissions_policy do |policy|
  # Features the application does not need: allowed for no origin at all.
  policy.camera      :none
  policy.gyroscope   :none
  policy.microphone  :none
  policy.usb         :none
  # Allowed for the application's own origin only.
  policy.fullscreen  :self
  # Own origin plus one explicitly listed origin. Keep such allowlists as
  # short as possible: every listed origin gains access to the feature.
  policy.payment     :self, "https://secure.example.com"
end

Constants

DIRECTIVES

The list of available permissions can be found at github.com/w3c/webappsec-permissions-policy/blob/master/features.md#policy-controlled-features

MAPPINGS

Attributes

directives[R]

Public Class Methods

new() { |self| ... }
# File lib/action_dispatch/http/permissions_policy.rb, line 113
# Creates a policy with no directives set. When a block is given, the new
# policy is yielded to it so directives can be declared inline.
def initialize
  @directives = {}
  return unless block_given?

  yield self
end

Public Instance Methods

build(context = nil)
# File lib/action_dispatch/http/permissions_policy.rb, line 132
# Renders the stored directives into one header value.
#
# context is passed to build_directives unchanged; it is the object that
# Proc sources are evaluated against, so a policy containing Proc sources
# cannot be built with the default nil context (resolve_source raises).
# Entries that render to nil are dropped and the rest are joined with "; ".
def build(context = nil)
  rendered = build_directives(context)
  rendered.compact.join("; ")
end
initialize_copy(other)
# File lib/action_dispatch/http/permissions_policy.rb, line 118
# Copy hook: gives the copy its own deep duplicate of the other policy's
# directives instead of sharing the same hash and source arrays, so that
# editing the copy's directives does not alter the policy it was copied from.
def initialize_copy(other)
  source_directives = other.directives
  @directives = source_directives.deep_dup
end

Private Instance Methods

apply_mapping(source)
# File lib/action_dispatch/http/permissions_policy.rb, line 150
# Translates one symbolic source into its MAPPINGS entry.
# Raises ArgumentError for a symbol that MAPPINGS does not know, so a typo in
# a policy declaration fails loudly instead of producing a silently wrong header.
def apply_mapping(source)
  return MAPPINGS[source] if MAPPINGS.key?(source)

  raise ArgumentError, "Unknown HTTP permissions policy source mapping: #{source.inspect}"
end
apply_mappings(sources)
# File lib/action_dispatch/http/permissions_policy.rb, line 137
# Normalises a list of sources given in a policy declaration.
#
# Symbols are translated through apply_mapping. Strings and Procs are kept
# as they are: no quoting, escaping or validation is applied to a String
# here, so whatever is passed is what ends up in the header value.
# Any other kind of object raises ArgumentError.
def apply_mappings(sources)
  sources.map do |source|
    next apply_mapping(source) if source.is_a?(Symbol)
    next source if source.is_a?(String) || source.is_a?(Proc)

    raise ArgumentError, "Invalid HTTP permissions policy source: #{source.inspect}"
  end
end
build_directive(sources, context)
# File lib/action_dispatch/http/permissions_policy.rb, line 168
# Resolves every source of one directive against context, keeping their
# order, and returns the resolved values as an array.
def build_directive(sources, context)
  sources.each_with_object([]) do |source, resolved|
    resolved << resolve_source(source, context)
  end
end
build_directives(context)
# File lib/action_dispatch/http/permissions_policy.rb, line 156
# Renders each stored directive into its header fragment.
#
# An Array of sources becomes "<directive> <source> <source> ...".
# Any other truthy value renders the bare directive name.
# A false or nil value yields nil (the caller is expected to drop it).
def build_directives(context)
  @directives.map do |directive, sources|
    next unless sources
    next directive unless sources.is_a?(Array)

    "#{directive} #{build_directive(sources, context).join(' ')}"
  end
end
resolve_source(source, context)
# File lib/action_dispatch/http/permissions_policy.rb, line 172
# Turns one stored source into the value written to the header.
#
# String -> returned unchanged.
# Symbol -> its name as a String.
# Proc   -> evaluated with instance_exec on context, so the block runs with
#           context as self; its return value is handed back as is, without
#           any type check or escaping. Raises RuntimeError if context is nil.
# Anything else raises RuntimeError.
def resolve_source(source, context)
  return source if source.is_a?(String)
  return source.to_s if source.is_a?(Symbol)

  unless source.is_a?(Proc)
    raise RuntimeError, "Unexpected permissions policy source: #{source.inspect}"
  end

  if context.nil?
    raise RuntimeError, "Missing context for the dynamic permissions policy source: #{source.inspect}"
  end

  context.instance_exec(&source)
end