# Combine headers with the iframe allow attribute

With Feature Policy, you could add the feature to a cross-origin frame by either adding the origin to the header origin list or adding an allow attribute to the iframe tag. With Permissions Policy, if you add a cross-origin frame to the origin list, the iframe tag for that origin must include the allow attribute. If the response does not contain a Permissions Policy header, the origin list is considered to have the default value of *. Adding the allow attribute to the iframe allows access to the feature.

Therefore, we recommend developers explicitly set the Permissions Policy header in the response, so that cross-origin iframes which aren't listed in the origin list are blocked from accessing this feature, even if allow is present.

Feature Policy can still be used after Chrome 88, but it acts as an alias for Permissions Policy. Other than the syntax, there is no difference in logic. If both Permissions Policy and Feature Policy headers are used together, the Permissions-Policy header will have higher priority, and will overwrite the value provided by the Feature-Policy header.

# How do I use Permissions Policy?

# Quick overview

Before we dive deep, let's take a quick look at a common scenario where you are the owner of a website and you want to control how your site and third-party code use browser features.

- Your site embeds an iframe from same-origin ( ).
- Your site embeds an iframe from that you trust.
- Your site also displays ads served by.
- You want to allow geolocation only for your site and the trusted site, not for the ad.

In this case, use the following header:

Permissions-Policy: geolocation=(self "")

And explicitly set the allow attribute to the iframe tag for the trusted site:

In this example, the header origin list lets only your site (self) and trusted-site.example use the geolocation feature. ad.example is not allowed to use geolocation.

Your site your-site.example is allowed to use the geolocation feature with the user's consent.
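The rules described on this page, written out as a small decision model. This is an added example, not code from the original page or from any browser; it assumes `https://` origins for the three sites named in the scenario, uses hypothetical helper names (`headerAllowlist`, `allowAttrGrants`, `frameMayUse`), and models only the response header and the bare `allow="feature"` form of the iframe attribute.

```javascript
// Simplified model of the header + iframe allow interaction (not a browser algorithm).

// Return the origin list the response header declares for one feature.
function headerAllowlist(header, feature) {
  if (header == null) return ['*'];            // no header: default origin list is *
  for (const entry of header.split(',')) {
    const eq = entry.indexOf('=');
    if (eq < 0 || entry.slice(0, eq).trim() !== feature) continue;
    const value = entry.slice(eq + 1).trim();
    if (value === '*') return ['*'];
    // Inner list such as (self "https://origin"): strip parentheses and quotes.
    return value.replace(/^\(|\)$/g, '').split(/\s+/).filter(Boolean)
      .map((token) => token.replace(/^"|"$/g, ''));
  }
  return ['*'];                                // feature not mentioned: no restriction
}

// Only the bare form allow="geolocation" (optionally ;-separated) is modelled.
// A directive carrying its own allowlist is treated here as not granting.
function allowAttrGrants(allowAttr, feature) {
  return (allowAttr || '').split(';').some((d) => d.trim() === feature);
}

function frameMayUse(feature, { header, siteOrigin, frameOrigin, allowAttr }) {
  const list = headerAllowlist(header, feature);
  const sameOrigin = frameOrigin === siteOrigin;
  const inList = list.includes('*') || list.includes(frameOrigin) ||
    (sameOrigin && list.includes('self'));
  if (!inList) return false;   // header blocks the frame even if allow is present
  if (sameOrigin) return true; // assumption: feature's default allowlist is self (true for geolocation)
  return allowAttrGrants(allowAttr, feature); // listed cross-origin frames still need allow
}

// Constructed sample input: the scenario's three frames, with assumed https:// origins.
const SITE = 'https://your-site.example';
const HEADER = 'geolocation=(self "https://trusted-site.example")';
const frames = [
  { frameOrigin: SITE, allowAttr: null },
  { frameOrigin: 'https://trusted-site.example', allowAttr: 'geolocation' },
  { frameOrigin: 'https://ad.example', allowAttr: 'geolocation' },
];
for (const header of [HEADER, null]) {
  for (const f of frames) {
    const ok = frameMayUse('geolocation', { header, siteOrigin: SITE, ...f });
    console.log(header ? 'with header' : 'no header  ', f.frameOrigin, ok);
  }
}
```

The `no header` rows show why the explicit header is recommended: with the default origin list of `*`, the ad frame's own `allow` attribute is enough to enable the feature.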