class ActionDispatch::PermissionsPolicy::Middleware

Constants

CONTENT_TYPE
POLICY

The Feature-Policy header has been renamed to Permissions-Policy. The Permissions-Policy requires a different implementation and isn’t yet supported by all browsers. To avoid having to rename this middleware in the future we use the new name for the middleware but keep the old header name and implementation for now.

Public Class Methods

new(app) click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 32
def initialize(app)
  @app = app
end

Public Instance Methods

call(env) click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 36
def call(env)
  request = ActionDispatch::Request.new(env)
  _, headers, _ = response = @app.call(env)

  return response unless html_response?(headers)
  return response if policy_present?(headers)

  if policy = request.permissions_policy
    headers[POLICY] = policy.build(request.controller_instance)
  end

  if policy_empty?(policy)
    headers.delete(POLICY)
  end

  response
end

Private Instance Methods

html_response?(headers) click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 55
def html_response?(headers)
  if content_type = headers[CONTENT_TYPE]
    /html/.match?(content_type)
  end
end
policy_empty?(policy) click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 65
def policy_empty?(policy)
  policy&.directives&.empty?
end
policy_present?(headers) click to toggle source
# File lib/action_dispatch/http/permissions_policy.rb, line 61
def policy_present?(headers)
  headers[POLICY]
end