From 513e90fa60fe1208071dd725004a0b9ce6f0e96a Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Mon, 21 Nov 2022 06:28:02 +0000 Subject: [PATCH 001/122] move both feature-policy trees, update much of the terminology --- files/en-us/_redirects.txt | 42 ++- files/en-us/_wikihistory.json | 342 +++++++++--------- .../feature-policy/accelerometer/index.md | 43 --- .../ambient-light-sensor/index.md | 41 --- .../headers/feature-policy/battery/index.md | 44 --- .../headers/feature-policy/camera/index.md | 47 --- .../feature-policy/display-capture/index.md | 46 --- .../feature-policy/document-domain/index.md | 49 --- .../feature-policy/encrypted-media/index.md | 44 --- .../headers/feature-policy/gyroscope/index.md | 42 --- .../feature-policy/layout-animations/index.md | 40 -- .../legacy-image-formats/index.md | 40 -- .../feature-policy/magnetometer/index.md | 43 --- .../feature-policy/microphone/index.md | 46 --- .../http/headers/feature-policy/midi/index.md | 44 --- .../feature-policy/oversized-images/index.md | 39 -- .../headers/feature-policy/payment/index.md | 45 --- .../picture-in-picture/index.md | 43 --- .../publickey-credentials-get/index.md | 47 --- .../feature-policy/screen-wake-lock/index.md | 48 --- .../feature-policy/speaker-selection/index.md | 49 --- .../headers/feature-policy/sync-xhr/index.md | 40 -- .../unoptimized-images/index.md | 40 -- .../feature-policy/unsized-media/index.md | 42 --- .../http/headers/feature-policy/usb/index.md | 44 --- .../headers/feature-policy/web-share/index.md | 43 --- .../xr-spatial-tracking/index.md | 46 --- .../permissions-policy/accelerometer/index.md | 43 +++ .../ambient-light-sensor/index.md | 41 +++ .../autoplay/index.md | 22 +- .../permissions-policy/battery/index.md | 44 +++ .../permissions-policy/camera/index.md | 47 +++ .../display-capture/index.md | 46 +++ .../document-domain/index.md | 49 +++ .../encrypted-media/index.md | 44 +++ .../fullscreen/index.md | 30 +- .../gamepad/index.md | 28 +- .../geolocation/index.md | 28 +- .../permissions-policy/gyroscope/index.md | 42 +++ .../index.md | 90 +++-- .../layout-animations/index.md | 40 ++ .../legacy-image-formats/index.md | 40 ++ .../permissions-policy/magnetometer/index.md | 43 +++ .../permissions-policy/microphone/index.md | 46 +++ .../headers/permissions-policy/midi/index.md | 44 +++ .../oversized-images/index.md | 39 ++ .../permissions-policy/payment/index.md | 45 +++ .../picture-in-picture/index.md | 43 +++ .../publickey-credentials-get/index.md | 47 +++ .../screen-wake-lock/index.md | 48 +++ .../speaker-selection/index.md | 49 +++ .../permissions-policy/sync-xhr/index.md | 40 ++ .../unoptimized-images/index.md | 40 ++ .../permissions-policy/unsized-media/index.md | 42 +++ .../headers/permissions-policy/usb/index.md | 44 +++ .../permissions-policy/web-share/index.md | 43 +++ .../xr-spatial-tracking/index.md | 46 +++ .../index.md | 44 ++- .../using_permissions_policy}/index.md | 40 +- 59 files changed, 1441 insertions(+), 1415 deletions(-) delete mode 100644 files/en-us/web/http/headers/feature-policy/accelerometer/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/ambient-light-sensor/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/battery/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/camera/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/display-capture/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/document-domain/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/encrypted-media/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/gyroscope/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/layout-animations/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/legacy-image-formats/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/magnetometer/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/microphone/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/midi/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/oversized-images/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/payment/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/picture-in-picture/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/publickey-credentials-get/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/screen-wake-lock/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/speaker-selection/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/sync-xhr/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/unoptimized-images/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/unsized-media/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/usb/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/web-share/index.md delete mode 100644 files/en-us/web/http/headers/feature-policy/xr-spatial-tracking/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/accelerometer/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md rename files/en-us/web/http/headers/{feature-policy => permissions-policy}/autoplay/index.md (60%) create mode 100644 files/en-us/web/http/headers/permissions-policy/battery/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/camera/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/display-capture/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/document-domain/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md rename files/en-us/web/http/headers/{feature-policy => permissions-policy}/fullscreen/index.md (58%) rename files/en-us/web/http/headers/{feature-policy => permissions-policy}/gamepad/index.md (61%) rename files/en-us/web/http/headers/{feature-policy => permissions-policy}/geolocation/index.md (67%) create mode 100644 files/en-us/web/http/headers/permissions-policy/gyroscope/index.md rename files/en-us/web/http/headers/{feature-policy => permissions-policy}/index.md (71%) create mode 100644 files/en-us/web/http/headers/permissions-policy/layout-animations/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/legacy-image-formats/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/magnetometer/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/microphone/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/midi/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/oversized-images/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/payment/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/picture-in-picture/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/publickey-credentials-get/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/screen-wake-lock/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/speaker-selection/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/sync-xhr/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/unoptimized-images/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/unsized-media/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/usb/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/web-share/index.md create mode 100644 files/en-us/web/http/headers/permissions-policy/xr-spatial-tracking/index.md rename files/en-us/web/http/{feature_policy => permissions_policy}/index.md (66%) rename files/en-us/web/http/{feature_policy/using_feature_policy => permissions_policy/using_permissions_policy}/index.md (79%) diff --git a/files/en-us/_redirects.txt b/files/en-us/_redirects.txt index 422e52a975fefd6..f4f149d918b0322 100644 --- a/files/en-us/_redirects.txt +++ b/files/en-us/_redirects.txt @@ -11954,16 +11954,48 @@ /en-US/docs/Web/HTTP/Controlling_DNS_prefetching /en-US/docs/Web/HTTP/Headers/X-DNS-Prefetch-Control /en-US/docs/Web/HTTP/Cookies/Cookie_Prefixes /en-US/docs/Web/HTTP/Cookies#Cookie_prefixes /en-US/docs/Web/HTTP/Evolution_of_HTTP /en-US/docs/Web/HTTP/Basics_of_HTTP/Evolution_of_HTTP +/en-US/docs/Web/HTTP/Feature_Policy /en-US/docs/Web/HTTP/Permissions_Policy +/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy /en-US/docs/Web/HTTP/Permissions_Policy/Using_Feature_Policy /en-US/docs/Web/HTTP/Gecko_user_agent_string_reference /en-US/docs/Web/HTTP/Headers/User-Agent/Firefox /en-US/docs/Web/HTTP/HTTP_response_codes /en-US/docs/Web/HTTP/Status /en-US/docs/Web/HTTP/Headers/Cache-Disposition /en-US/docs/Web/HTTP/Headers/Content-Disposition /en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to /en-US/docs/Web/HTTP/Headers/Content-Security-Policy /en-US/docs/Web/HTTP/Headers/Cookie2 /en-US/docs/Web/HTTP/Headers/Cookie -/en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials /en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials-get -/en-US/docs/Web/HTTP/Headers/Feature-Policy/vr /en-US/docs/Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking -/en-US/docs/Web/HTTP/Headers/Feature-Policy/wake-lock /en-US/docs/Web/HTTP/Headers/Feature-Policy/screen-wake-lock -/en-US/docs/Web/HTTP/Headers/Feature-Policy/webauthn /en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials-get -/en-US/docs/Web/HTTP/Headers/Feature-Policy/xr /en-US/docs/Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking +/en-US/docs/Web/HTTP/Headers/Feature-Policy /en-US/docs/Web/HTTP/Headers/Permissions-Policy +/en-US/docs/Web/HTTP/Headers/Feature-Policy/accelerometer /en-US/docs/Web/HTTP/Headers/Permissions-Policy/accelerometer +/en-US/docs/Web/HTTP/Headers/Feature-Policy/ambient-light-sensor /en-US/docs/Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor +/en-US/docs/Web/HTTP/Headers/Feature-Policy/autoplay /en-US/docs/Web/HTTP/Headers/Permissions-Policy/autoplay +/en-US/docs/Web/HTTP/Headers/Feature-Policy/battery /en-US/docs/Web/HTTP/Headers/Permissions-Policy/battery +/en-US/docs/Web/HTTP/Headers/Feature-Policy/camera /en-US/docs/Web/HTTP/Headers/Permissions-Policy/camera +/en-US/docs/Web/HTTP/Headers/Feature-Policy/display-capture /en-US/docs/Web/HTTP/Headers/Permissions-Policy/display-capture +/en-US/docs/Web/HTTP/Headers/Feature-Policy/document-domain /en-US/docs/Web/HTTP/Headers/Permissions-Policy/document-domain +/en-US/docs/Web/HTTP/Headers/Feature-Policy/encrypted-media /en-US/docs/Web/HTTP/Headers/Permissions-Policy/encrypted-media +/en-US/docs/Web/HTTP/Headers/Feature-Policy/fullscreen /en-US/docs/Web/HTTP/Headers/Permissions-Policy/fullscreen +/en-US/docs/Web/HTTP/Headers/Feature-Policy/gamepad /en-US/docs/Web/HTTP/Headers/Permissions-Policy/gamepad +/en-US/docs/Web/HTTP/Headers/Feature-Policy/geolocation /en-US/docs/Web/HTTP/Headers/Permissions-Policy/geolocation +/en-US/docs/Web/HTTP/Headers/Feature-Policy/gyroscope /en-US/docs/Web/HTTP/Headers/Permissions-Policy/gyroscope +/en-US/docs/Web/HTTP/Headers/Feature-Policy/layout-animations /en-US/docs/Web/HTTP/Headers/Permissions-Policy/layout-animations +/en-US/docs/Web/HTTP/Headers/Feature-Policy/legacy-image-formats /en-US/docs/Web/HTTP/Headers/Permissions-Policy/legacy-image-formats +/en-US/docs/Web/HTTP/Headers/Feature-Policy/magnetometer /en-US/docs/Web/HTTP/Headers/Permissions-Policy/magnetometer +/en-US/docs/Web/HTTP/Headers/Feature-Policy/microphone /en-US/docs/Web/HTTP/Headers/Permissions-Policy/microphone +/en-US/docs/Web/HTTP/Headers/Feature-Policy/midi /en-US/docs/Web/HTTP/Headers/Permissions-Policy/midi +/en-US/docs/Web/HTTP/Headers/Feature-Policy/oversized-images /en-US/docs/Web/HTTP/Headers/Permissions-Policy/oversized-images +/en-US/docs/Web/HTTP/Headers/Feature-Policy/payment /en-US/docs/Web/HTTP/Headers/Permissions-Policy/payment +/en-US/docs/Web/HTTP/Headers/Feature-Policy/picture-in-picture /en-US/docs/Web/HTTP/Headers/Permissions-Policy/picture-in-picture +/en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials /en-US/docs/Web/HTTP/Headers/Permissions-Policy/publickey-credentials-get +/en-US/docs/Web/HTTP/Headers/Feature-Policy/publickey-credentials-get /en-US/docs/Web/HTTP/Headers/Permissions-Policy/publickey-credentials-get +/en-US/docs/Web/HTTP/Headers/Feature-Policy/screen-wake-lock /en-US/docs/Web/HTTP/Headers/Permissions-Policy/screen-wake-lock +/en-US/docs/Web/HTTP/Headers/Feature-Policy/speaker-selection /en-US/docs/Web/HTTP/Headers/Permissions-Policy/speaker-selection +/en-US/docs/Web/HTTP/Headers/Feature-Policy/sync-xhr /en-US/docs/Web/HTTP/Headers/Permissions-Policy/sync-xhr +/en-US/docs/Web/HTTP/Headers/Feature-Policy/unoptimized-images /en-US/docs/Web/HTTP/Headers/Permissions-Policy/unoptimized-images +/en-US/docs/Web/HTTP/Headers/Feature-Policy/unsized-media /en-US/docs/Web/HTTP/Headers/Permissions-Policy/unsized-media +/en-US/docs/Web/HTTP/Headers/Feature-Policy/usb /en-US/docs/Web/HTTP/Headers/Permissions-Policy/usb +/en-US/docs/Web/HTTP/Headers/Feature-Policy/vr /en-US/docs/Web/HTTP/Headers/Permissions-Policy/xr-spatial-tracking +/en-US/docs/Web/HTTP/Headers/Feature-Policy/wake-lock /en-US/docs/Web/HTTP/Headers/Permissions-Policy/screen-wake-lock +/en-US/docs/Web/HTTP/Headers/Feature-Policy/web-share /en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share +/en-US/docs/Web/HTTP/Headers/Feature-Policy/webauthn /en-US/docs/Web/HTTP/Headers/Permissions-Policy/publickey-credentials-get +/en-US/docs/Web/HTTP/Headers/Feature-Policy/xr /en-US/docs/Web/HTTP/Headers/Permissions-Policy/xr-spatial-tracking +/en-US/docs/Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking /en-US/docs/Web/HTTP/Headers/Permissions-Policy/xr-spatial-tracking /en-US/docs/Web/HTTP/Headers/Public-Key-Pins /en-US/docs/Web/HTTP/Headers/Expect-CT /en-US/docs/Web/HTTP/Headers/Public-Key-Pins-Report-Only /en-US/docs/Web/HTTP/Headers/Expect-CT /en-US/docs/Web/HTTP/Headers/Ranges /en-US/docs/Web/HTTP/Headers/Range diff --git a/files/en-us/_wikihistory.json b/files/en-us/_wikihistory.json index 995a05c0e48b4d7..5625dede96f7789 100644 --- a/files/en-us/_wikihistory.json +++ b/files/en-us/_wikihistory.json @@ -102059,36 +102059,6 @@ "fscholz" ] }, - "Web/HTTP/Feature_Policy": { - "modified": "2020-10-18T22:29:08.695Z", - "contributors": [ - "hamishwillee", - "mfuji09", - "Malvoz", - "old_morfey13", - "Sheppy", - "jpchase", - "leela52452", - "bershanskiy", - "ashleybooniphone", - "fscholz", - "jpmedley" - ] - }, - "Web/HTTP/Feature_Policy/Using_Feature_Policy": { - "modified": "2020-10-01T23:00:16.945Z", - "contributors": [ - "hamishwillee", - "Malvoz", - "Sheppy", - "chrisdavidmills", - "clelland", - "jpchase", - "fscholz", - "mfuji09", - "jpmedley" - ] - }, "Web/HTTP/Headers": { "modified": "2020-11-16T08:22:37.817Z", "contributors": [ @@ -102854,147 +102824,6 @@ "modified": "2020-10-15T21:48:40.215Z", "contributors": ["mfuji09", "fscholz", "Malvoz", "AndrzejSala", "meridius"] }, - "Web/HTTP/Headers/Feature-Policy": { - "modified": "2020-10-15T22:07:47.010Z", - "contributors": [ - "hamishwillee", - "mfuji09", - "sideshowbarker", - "bershanskiy", - "Malvoz", - "jpchase", - "Sheppy", - "pwdst", - "fscholz", - "jpmedley" - ] - }, - "Web/HTTP/Headers/Feature-Policy/accelerometer": { - "modified": "2020-10-15T22:20:16.702Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/ambient-light-sensor": { - "modified": "2020-10-15T22:20:15.626Z", - "contributors": ["verde79", "bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/autoplay": { - "modified": "2020-10-15T22:10:28.577Z", - "contributors": ["bershanskiy", "Sheppy", "fscholz"] - }, - "Web/HTTP/Headers/Feature-Policy/battery": { - "modified": "2020-10-15T22:24:54.886Z", - "contributors": ["mfuji09", "Malvoz", "bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/camera": { - "modified": "2020-10-15T22:10:24.420Z", - "contributors": ["bershanskiy", "Sheppy", "fscholz"] - }, - "Web/HTTP/Headers/Feature-Policy/display-capture": { - "modified": "2020-10-15T22:18:20.836Z", - "contributors": ["sideshowbarker", "bershanskiy", "Sheppy"] - }, - "Web/HTTP/Headers/Feature-Policy/document-domain": { - "modified": "2020-10-15T22:11:41.981Z", - "contributors": ["bershanskiy", "chrisdavidmills", "sideshowbarker"] - }, - "Web/HTTP/Headers/Feature-Policy/encrypted-media": { - "modified": "2020-10-15T22:10:28.002Z", - "contributors": ["mfuji09", "bershanskiy", "fscholz"] - }, - "Web/HTTP/Headers/Feature-Policy/fullscreen": { - "modified": "2020-10-15T22:07:59.873Z", - "contributors": [ - "chrisdavidmills", - "bershanskiy", - "fscholz", - "mfuji09", - "jpmedley" - ] - }, - "Web/HTTP/Headers/Feature-Policy/geolocation": { - "modified": "2020-10-15T22:07:59.720Z", - "contributors": ["fscholz", "mfuji09", "jpmedley", "jpchase"] - }, - "Web/HTTP/Headers/Feature-Policy/gyroscope": { - "modified": "2020-10-15T22:20:17.468Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/layout-animations": { - "modified": "2020-10-15T22:20:14.846Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/legacy-image-formats": { - "modified": "2020-10-15T22:20:12.416Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/magnetometer": { - "modified": "2020-10-15T22:20:14.856Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/microphone": { - "modified": "2020-10-15T22:08:02.300Z", - "contributors": ["fscholz", "mfuji09", "jpmedley"] - }, - "Web/HTTP/Headers/Feature-Policy/midi": { - "modified": "2020-10-15T22:10:24.122Z", - "contributors": ["mfuji09", "bershanskiy", "fscholz"] - }, - "Web/HTTP/Headers/Feature-Policy/oversized-images": { - "modified": "2020-10-15T22:20:15.081Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/payment": { - "modified": "2020-10-15T22:10:32.310Z", - "contributors": ["mfuji09", "bershanskiy", "equalsJeffH", "fscholz"] - }, - "Web/HTTP/Headers/Feature-Policy/picture-in-picture": { - "modified": "2020-10-15T22:20:13.631Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/publickey-credentials-get": { - "modified": "2020-10-15T22:21:51.682Z", - "contributors": [ - "sideshowbarker", - "fscholz", - "bershanskiy", - "Sarayutppr", - "chrisdavidmills", - "Malvoz" - ] - }, - "Web/HTTP/Headers/Feature-Policy/screen-wake-lock": { - "modified": "2020-10-15T22:31:49.481Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/sync-xhr": { - "modified": "2020-10-15T22:20:17.874Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/unoptimized-images": { - "modified": "2020-10-15T22:20:17.915Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/unsized-media": { - "modified": "2020-10-15T22:20:17.118Z", - "contributors": ["mozdevcontrib", "bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/usb": { - "modified": "2020-10-15T22:20:16.110Z", - "contributors": ["bershanskiy"] - }, - "Web/HTTP/Headers/Feature-Policy/web-share": { - "modified": "2020-12-10T15:06:45.009Z", - "contributors": [ - "bershanskiy", - "chrisdavidmills", - "hamishwillee", - "ericwilligers" - ] - }, - "Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking": { - "modified": "2020-10-15T22:24:55.820Z", - "contributors": ["Manishearth", "sideshowbarker", "bershanskiy"] - }, "Web/HTTP/Headers/Forwarded": { "modified": "2020-10-15T21:51:50.833Z", "contributors": [ @@ -103126,6 +102955,147 @@ "teoli" ] }, + "Web/HTTP/Headers/Permissions-Policy": { + "modified": "2020-10-15T22:07:47.010Z", + "contributors": [ + "hamishwillee", + "mfuji09", + "sideshowbarker", + "bershanskiy", + "Malvoz", + "jpchase", + "Sheppy", + "pwdst", + "fscholz", + "jpmedley" + ] + }, + "Web/HTTP/Headers/Permissions-Policy/accelerometer": { + "modified": "2020-10-15T22:20:16.702Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor": { + "modified": "2020-10-15T22:20:15.626Z", + "contributors": ["verde79", "bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/autoplay": { + "modified": "2020-10-15T22:10:28.577Z", + "contributors": ["bershanskiy", "Sheppy", "fscholz"] + }, + "Web/HTTP/Headers/Permissions-Policy/battery": { + "modified": "2020-10-15T22:24:54.886Z", + "contributors": ["mfuji09", "Malvoz", "bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/camera": { + "modified": "2020-10-15T22:10:24.420Z", + "contributors": ["bershanskiy", "Sheppy", "fscholz"] + }, + "Web/HTTP/Headers/Permissions-Policy/display-capture": { + "modified": "2020-10-15T22:18:20.836Z", + "contributors": ["sideshowbarker", "bershanskiy", "Sheppy"] + }, + "Web/HTTP/Headers/Permissions-Policy/document-domain": { + "modified": "2020-10-15T22:11:41.981Z", + "contributors": ["bershanskiy", "chrisdavidmills", "sideshowbarker"] + }, + "Web/HTTP/Headers/Permissions-Policy/encrypted-media": { + "modified": "2020-10-15T22:10:28.002Z", + "contributors": ["mfuji09", "bershanskiy", "fscholz"] + }, + "Web/HTTP/Headers/Permissions-Policy/fullscreen": { + "modified": "2020-10-15T22:07:59.873Z", + "contributors": [ + "chrisdavidmills", + "bershanskiy", + "fscholz", + "mfuji09", + "jpmedley" + ] + }, + "Web/HTTP/Headers/Permissions-Policy/geolocation": { + "modified": "2020-10-15T22:07:59.720Z", + "contributors": ["fscholz", "mfuji09", "jpmedley", "jpchase"] + }, + "Web/HTTP/Headers/Permissions-Policy/gyroscope": { + "modified": "2020-10-15T22:20:17.468Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/layout-animations": { + "modified": "2020-10-15T22:20:14.846Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/legacy-image-formats": { + "modified": "2020-10-15T22:20:12.416Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/magnetometer": { + "modified": "2020-10-15T22:20:14.856Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/microphone": { + "modified": "2020-10-15T22:08:02.300Z", + "contributors": ["fscholz", "mfuji09", "jpmedley"] + }, + "Web/HTTP/Headers/Permissions-Policy/midi": { + "modified": "2020-10-15T22:10:24.122Z", + "contributors": ["mfuji09", "bershanskiy", "fscholz"] + }, + "Web/HTTP/Headers/Permissions-Policy/oversized-images": { + "modified": "2020-10-15T22:20:15.081Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/payment": { + "modified": "2020-10-15T22:10:32.310Z", + "contributors": ["mfuji09", "bershanskiy", "equalsJeffH", "fscholz"] + }, + "Web/HTTP/Headers/Permissions-Policy/picture-in-picture": { + "modified": "2020-10-15T22:20:13.631Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/publickey-credentials-get": { + "modified": "2020-10-15T22:21:51.682Z", + "contributors": [ + "sideshowbarker", + "fscholz", + "bershanskiy", + "Sarayutppr", + "chrisdavidmills", + "Malvoz" + ] + }, + "Web/HTTP/Headers/Permissions-Policy/screen-wake-lock": { + "modified": "2020-10-15T22:31:49.481Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/sync-xhr": { + "modified": "2020-10-15T22:20:17.874Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/unoptimized-images": { + "modified": "2020-10-15T22:20:17.915Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/unsized-media": { + "modified": "2020-10-15T22:20:17.118Z", + "contributors": ["mozdevcontrib", "bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/usb": { + "modified": "2020-10-15T22:20:16.110Z", + "contributors": ["bershanskiy"] + }, + "Web/HTTP/Headers/Permissions-Policy/web-share": { + "modified": "2020-12-10T15:06:45.009Z", + "contributors": [ + "bershanskiy", + "chrisdavidmills", + "hamishwillee", + "ericwilligers" + ] + }, + "Web/HTTP/Headers/Permissions-Policy/xr-spatial-tracking": { + "modified": "2020-10-15T22:24:55.820Z", + "contributors": ["Manishearth", "sideshowbarker", "bershanskiy"] + }, "Web/HTTP/Headers/Pragma": { "modified": "2020-10-15T21:48:41.171Z", "contributors": ["fscholz", "teoli"] @@ -103807,6 +103777,36 @@ "teoli" ] }, + "Web/HTTP/Permissions_Policy": { + "modified": "2020-10-18T22:29:08.695Z", + "contributors": [ + "hamishwillee", + "mfuji09", + "Malvoz", + "old_morfey13", + "Sheppy", + "jpchase", + "leela52452", + "bershanskiy", + "ashleybooniphone", + "fscholz", + "jpmedley" + ] + }, + "Web/HTTP/Permissions_Policy/Using_Feature_Policy": { + "modified": "2020-10-01T23:00:16.945Z", + "contributors": [ + "hamishwillee", + "Malvoz", + "Sheppy", + "chrisdavidmills", + "clelland", + "jpchase", + "fscholz", + "mfuji09", + "jpmedley" + ] + }, "Web/HTTP/Protocol_upgrade_mechanism": { "modified": "2020-11-29T09:42:13.104Z", "contributors": [ diff --git a/files/en-us/web/http/headers/feature-policy/accelerometer/index.md b/files/en-us/web/http/headers/feature-policy/accelerometer/index.md deleted file mode 100644 index 9eb9a3acf47c44b..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/accelerometer/index.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: 'Feature-Policy: accelerometer' -slug: Web/HTTP/Headers/Feature-Policy/accelerometer -tags: - - Accelerometer - - Directive - - Feature Policy - - HTTP - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.accelerometer ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader('Feature-Policy')}} header `accelerometer` directive controls whether the current document is allowed to gather information about the acceleration of the device through the {{domxref('Accelerometer')}} interface. - -## Syntax - -```http -Feature-Policy: accelerometer ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The default `allowlist` value for this feature is: `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader('Feature-Policy')}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/ambient-light-sensor/index.md b/files/en-us/web/http/headers/feature-policy/ambient-light-sensor/index.md deleted file mode 100644 index 73258f96215195e..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/ambient-light-sensor/index.md +++ /dev/null @@ -1,41 +0,0 @@ ---- -title: 'Feature-Policy: ambient-light-sensor' -slug: Web/HTTP/Headers/Feature-Policy/ambient-light-sensor -tags: - - Ambient Light Sensor - - Feature Policy - - HTTP - - Experimental -browser-compat: http.headers.Feature-Policy.ambient-light-sensor ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader('Feature-Policy')}} header `ambient-light-sensor` directive controls whether the current document is allowed to gather information about the amount of light in the environment around the device through the {{domxref('AmbientLightSensor')}} interface. - -## Syntax - -```http -Feature-Policy: ambient-light-sensor ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `ambient-light-sensor` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader('Feature-Policy')}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/battery/index.md b/files/en-us/web/http/headers/feature-policy/battery/index.md deleted file mode 100644 index 3ddeeeae89d353a..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/battery/index.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: 'Feature-Policy: battery' -slug: Web/HTTP/Headers/Feature-Policy/battery -tags: - - Battery - - Feature Policy - - HTTP - - Experimental -browser-compat: http.headers.Feature-Policy.battery ---- - -{{HTTPSidebar}}{{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `battery` directive controls whether the current document is allowed to gather information about the battery of the device through the {{DOMxRef("BatteryManager")}} interface obtained via {{DOMxRef("Navigator.getBattery","Navigator.getBattery()")}}. - -## Syntax - -```http -Feature-Policy: battery ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `battery` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) -- [Battery Status API](/en-US/docs/Web/API/Battery_Status_API) -- {{DOMxRef("Navigator.getBattery","Navigator.getBattery()")}} -- {{DOMxRef("BatteryManager")}} diff --git a/files/en-us/web/http/headers/feature-policy/camera/index.md b/files/en-us/web/http/headers/feature-policy/camera/index.md deleted file mode 100644 index 64ffba28585c493..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/camera/index.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: 'Feature-Policy: camera' -slug: Web/HTTP/Headers/Feature-Policy/camera -tags: - - Directive - - Feature Policy - - Feature-Policy - - HTTP - - Reference - - camera -browser-compat: http.headers.Feature-Policy.camera ---- - -{{HTTPSidebar}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header -`camera` directive controls whether the current document is allowed to use -video input devices. When this policy is enabled, the {{jsxref("Promise")}} returned -by {{domxref("MediaDevices.getUserMedia()")}} will reject with -a `NotAllowedError` {{domxref("DOMException")}}. - -## Syntax - -```http -Feature-Policy: camera ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `camera` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/display-capture/index.md b/files/en-us/web/http/headers/feature-policy/display-capture/index.md deleted file mode 100644 index 9073230853be2e6..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/display-capture/index.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: 'Feature-Policy: display-capture' -slug: Web/HTTP/Headers/Feature-Policy/display-capture -tags: - - Directive - - Feature Policy - - HTTP - - Reference - - display-capture -browser-compat: http.headers.Feature-Policy.display-capture ---- - -{{HTTPSidebar}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `display-capture` directive controls whether or not the document is permitted to use [Screen Capture API](/en-US/docs/Web/API/Screen_Capture_API), that is, {{domxref("MediaDevices.getDisplayMedia", "getDisplayMedia()")}} to capture the screen's contents. - -If `display-capture` is disabled in a document, the document will not be able to initiate screen capture via {{domxref("MediaDevices.getDisplayMedia", "getDisplayMedia()")}}. - -## Syntax - -```http -Feature-Policy: display-capture ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `display-capture` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) -- [Screen Capture API](/en-US/docs/Web/API/Screen_Capture_API) -- [Using the Screen Capture API](/en-US/docs/Web/API/Screen_Capture_API/Using_Screen_Capture) diff --git a/files/en-us/web/http/headers/feature-policy/document-domain/index.md b/files/en-us/web/http/headers/feature-policy/document-domain/index.md deleted file mode 100644 index 82729cb19a334e9..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/document-domain/index.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: 'Feature-Policy: document-domain' -slug: Web/HTTP/Headers/Feature-Policy/document-domain -tags: - - Directive - - Experimental - - Feature Policy - - Feature-Policy - - HTTP - - Reference - - document-domain - - Header -browser-compat: http.headers.Feature-Policy.document-domain ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header -`document-domain` directive controls whether the current document is -allowed to set {{domxref("document.domain")}}. When this policy is disabled, attempting -to set {{domxref("document.domain")}} will fail and cause a `SecurityError` -{{domxref("DOMException")}} to be thrown. - -## Syntax - -```http -Feature-Policy: document-domain ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `document-domain` is `*`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/encrypted-media/index.md b/files/en-us/web/http/headers/feature-policy/encrypted-media/index.md deleted file mode 100644 index af6db31df2b7806..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/encrypted-media/index.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: 'Feature-Policy: encrypted-media' -slug: Web/HTTP/Headers/Feature-Policy/encrypted-media -tags: - - Directive - - EME - - Feature Policy - - Feature-Policy - - HTTP - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.encrypted-media ---- - -{{HTTPSidebar}}{{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `encrypted-media` directive controls whether the current document is allowed to use the [Encrypted Media Extensions](/en-US/docs/Web/API/Encrypted_Media_Extensions_API) API (EME). When this policy is enabled, the {{jsxref("Promise")}} returned by {{domxref("Navigator.requestMediaKeySystemAccess","Navigator.requestMediaKeySystemAccess()")}} will reject with a {{domxref("DOMException")}}. - -## Syntax - -```http -Feature-Policy: encrypted-media ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `encrypted-media` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/gyroscope/index.md b/files/en-us/web/http/headers/feature-policy/gyroscope/index.md deleted file mode 100644 index c4f7bd2f7549cba..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/gyroscope/index.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: 'Feature-Policy: gyroscope' -slug: Web/HTTP/Headers/Feature-Policy/gyroscope -tags: - - Feature Policy - - gyroscope - - HTTP - - header - - Experimental -browser-compat: http.headers.Feature-Policy.gyroscope ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `gyroscope` directive controls whether the current document is allowed to gather information about the orientation of the device through the {{domxref("Gyroscope")}} interface. - -## Syntax - -```http -Feature-Policy: gyroscope ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `gyroscope` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/layout-animations/index.md b/files/en-us/web/http/headers/feature-policy/layout-animations/index.md deleted file mode 100644 index 4711c6381d16573..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/layout-animations/index.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: 'Feature-Policy: layout-animations' -slug: Web/HTTP/Headers/Feature-Policy/layout-animations -tags: - - Directive - - Feature-Policy - - HTTP - - Reference - - layout-animations - - Experimental - - Non-standard -browser-compat: http.headers.Feature-Policy.layout-animations ---- - -{{HTTPSidebar}} {{SeeCompatTable}}{{Non-standard_header}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `layout-animations` directive controls whether the current document is allowed to show layout animations. - -## Syntax - -```http -Feature-Policy: layout-animations ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `layout-animations` is `'self'`. - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/legacy-image-formats/index.md b/files/en-us/web/http/headers/feature-policy/legacy-image-formats/index.md deleted file mode 100644 index 0e0c6c607dd9229..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/legacy-image-formats/index.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: 'Feature-Policy: legacy-image-formats' -slug: Web/HTTP/Headers/Feature-Policy/legacy-image-formats -tags: - - Directive - - Feature-Policy - - HTTP - - Reference - - legacy-image-formats - - Experimental - - Non-standard -browser-compat: http.headers.Feature-Policy.legacy-image-formats ---- - -{{HTTPSidebar}}{{SeeCompatTable}}{{Non-standard_header}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `legacy-image-formats` directive controls whether the current document is allowed to display images in legacy formats. - -## Syntax - -```http -Feature-Policy: legacy-image-formats ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `legacy-image-formats` is `'self'`. - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/magnetometer/index.md b/files/en-us/web/http/headers/feature-policy/magnetometer/index.md deleted file mode 100644 index 23c9264152d5f8b..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/magnetometer/index.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: 'Feature-Policy: magnetometer' -slug: Web/HTTP/Headers/Feature-Policy/magnetometer -tags: - - Directive - - Feature-Policy - - HTTP - - Magnetometer - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.magnetometer ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `magnetometer` directive controls whether the current document is allowed to gather information about the orientation of the device through the {{domxref("Magnetometer")}} interface. - -## Syntax - -```http -Feature-Policy: magnetometer ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `magnetometer` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/microphone/index.md b/files/en-us/web/http/headers/feature-policy/microphone/index.md deleted file mode 100644 index 63a8b68f9b75176..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/microphone/index.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: 'Feature-Policy: microphone' -slug: Web/HTTP/Headers/Feature-Policy/microphone -tags: - - Feature Policy - - Feature-Policy - - HTTP - - header - - microphone -browser-compat: http.headers.Feature-Policy.microphone ---- - -{{HTTPSidebar}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header -`microphone` directive controls whether the current document is allowed to -use audio input devices. When this policy is enabled, the {{jsxref("Promise")}} -returned by {{domxref("MediaDevices.getUserMedia()")}} will reject with a -`NotAllowedError`. - -## Syntax - -```http -Feature-Policy: microphone ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `microphone` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/midi/index.md b/files/en-us/web/http/headers/feature-policy/midi/index.md deleted file mode 100644 index 6f65f360e629b98..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/midi/index.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: 'Feature-Policy: midi' -slug: Web/HTTP/Headers/Feature-Policy/midi -tags: - - Directive - - Feature Policy - - Feature-Policy - - HTTP - - MIDI - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.midi ---- - -{{HTTPSidebar}}{{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `midi` directive controls whether the current document is allowed to use the [Web MIDI API](/en-US/docs/Web/API/Web_MIDI_API). When this policy is enabled, the {{jsxref("Promise")}} returned by {{domxref("Navigator.requestMIDIAccess()")}} will reject with a `DOMException`. - -## Syntax - -```http -Feature-Policy: midi ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The allow list is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/oversized-images/index.md b/files/en-us/web/http/headers/feature-policy/oversized-images/index.md deleted file mode 100644 index 378a51bfaba5f74..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/oversized-images/index.md +++ /dev/null @@ -1,39 +0,0 @@ ---- -title: 'Feature-Policy: oversized-images' -slug: Web/HTTP/Headers/Feature-Policy/oversized-images -tags: - - Directive - - Feature-Policy - - HTTP - - Reference - - Experimental - - Non-standard -browser-compat: http.headers.Feature-Policy.oversized-images ---- - -{{HTTPSidebar}} {{SeeCompatTable}}{{Non-standard_header}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `oversized-images` directive controls whether the current document is allowed to download and display large images. - -## Syntax - -```http -Feature-Policy: oversized-images ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default value - -The default value is `'*'`. - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/payment/index.md b/files/en-us/web/http/headers/feature-policy/payment/index.md deleted file mode 100644 index 355daa84a1633f4..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/payment/index.md +++ /dev/null @@ -1,45 +0,0 @@ ---- -title: 'Feature-Policy: payment' -slug: Web/HTTP/Headers/Feature-Policy/payment -tags: - - Directive - - Feature Policy - - Feature-Policy - - HTTP - - Payment Request API - - Payments API - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.payment ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header field's `payment` directive controls whether the current document is allowed to use the [Payment Request API](/en-US/docs/Web/API/Payment_Request_API). When this policy is disabled, the {{DOMxRef("PaymentRequest()")}} constructor will throw a `SyntaxError` {{domxref("DOMException")}}. - -## Syntax - -```http -Feature-Policy: payment ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The `payment` feature's default allowlist value is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header field -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/picture-in-picture/index.md b/files/en-us/web/http/headers/feature-policy/picture-in-picture/index.md deleted file mode 100644 index 7c2f4d94e7e4d9d..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/picture-in-picture/index.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: 'Feature-Policy: picture-in-picture' -slug: Web/HTTP/Headers/Feature-Policy/picture-in-picture -tags: - - Directive - - Feature-Policy - - HTTP - - Picture in picture - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.picture-in-picture ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `picture-in-picture` directive controls whether the current document is allowed to play a video in a Picture-in-Picture mode via the corresponding API. - -## Syntax - -```http -Feature-Policy: picture-in-picture ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -As of June 2019, the [spec draft](https://wicg.github.io/picture-in-picture/#feature-policy) and [Google Chrome](https://bugs.chromium.org/p/chromium/issues/detail?id=806249#c17) set default allow list to `*`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/publickey-credentials-get/index.md b/files/en-us/web/http/headers/feature-policy/publickey-credentials-get/index.md deleted file mode 100644 index 8e00e2e223ad6a8..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/publickey-credentials-get/index.md +++ /dev/null @@ -1,47 +0,0 @@ ---- -title: 'Feature-Policy: publickey-credentials-get' -slug: Web/HTTP/Headers/Feature-Policy/publickey-credentials-get -tags: - - Directive - - Feature-Policy - - HTTP - - publickey-credentials-get - - Reference - - Experimental -browser-compat: http.headers.Feature-Policy.publickey-credentials-get ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `publickey-credentials-get` directive controls whether the current document is allowed to access the [Web Authentication API](/en-US/docs/Web/API/Web_Authentication_API) to retrieve public-key credentials; i.e., via {{DOMxRef("CredentialsContainer.get", "navigator.credentials.get({publicKey: ..., ...})")}}. - -When this policy is enabled, any attempt to query public key credentials will result in an error. - -## Syntax - -```http -Feature-Policy: publickey-credentials-get ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The default allowlist is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) -- [Web Authentication API](/en-US/docs/Web/API/Web_Authentication_API) -- {{DOMxRef("PublicKeyCredential")}} interface diff --git a/files/en-us/web/http/headers/feature-policy/screen-wake-lock/index.md b/files/en-us/web/http/headers/feature-policy/screen-wake-lock/index.md deleted file mode 100644 index 29119a625b00aa7..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/screen-wake-lock/index.md +++ /dev/null @@ -1,48 +0,0 @@ ---- -title: 'Feature-Policy: screen-wake-lock' -slug: Web/HTTP/Headers/Feature-Policy/screen-wake-lock -tags: - - Directive - - Feature Policy - - Feature-Policy - - HTTP - - Reference - - screen-wake-lock - - Experimental -browser-compat: http.headers.Feature-Policy.screen-wake-lock ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header **`screen-wake-lock`** directive controls whether the current document is allowed to use [Screen Wake Lock API](/en-US/docs/Web/API/Screen_Wake_Lock_API) to indicate that device should not dim or turn off the screen. - -> **Note:** In earlier specification drafts this directive was called `wake-lock`. - -## Syntax - -```http -Feature-Policy: screen-wake-lock ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `screen-wake-lock` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- [Screen Wake Lock API](/en-US/docs/Web/API/Screen_Wake_Lock_API) -- {{HTTPHeader('Feature-Policy')}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) -- [Default value of the allow list](https://www.w3.org/TR/screen-wake-lock/#wake-locks) diff --git a/files/en-us/web/http/headers/feature-policy/speaker-selection/index.md b/files/en-us/web/http/headers/feature-policy/speaker-selection/index.md deleted file mode 100644 index 243548ce5299882..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/speaker-selection/index.md +++ /dev/null @@ -1,49 +0,0 @@ ---- -title: 'Feature-Policy: speaker-selection' -slug: Web/HTTP/Headers/Feature-Policy/speaker-selection -tags: - - Feature Policy - - Feature-Policy - - HTTP - - header - - microphone - - Experimental -browser-compat: http.headers.Feature-Policy.speaker-selection ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `speaker-selection` directive controls whether the current document is allowed to enumerate and select audio output devices (speakers, headphones, etc.). - -When this policy is enabled and the permission is denied: - -- {{domxref("MediaDevices.enumerateDevices()")}} won't return devices of type _audio output_. -- {{domxref("MediaDevices.selectAudioOutput()")}} won't display the popup for selecting an audio output, and will reject the promise with a `NotAllowedError`. -- {{domxref("HTMLMediaElement.setSinkId()")}} will throw a `NotAllowedError` if called for an audio output. - -## Syntax - -```http -Feature-Policy: speaker-selection ; -``` - -- `` - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The default allowlist for `speaker-selection` is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/sync-xhr/index.md b/files/en-us/web/http/headers/feature-policy/sync-xhr/index.md deleted file mode 100644 index 183b0e8d8ac2287..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/sync-xhr/index.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: 'Feature-Policy: sync-xhr' -slug: Web/HTTP/Headers/Feature-Policy/sync-xhr -tags: - - Directive - - Feature Policy - - Feature-Policy - - HTTP - - Reference - - XMLHttpRequest - - Experimental - - Non-standard -browser-compat: http.headers.Feature-Policy.sync-xhr ---- - -{{HTTPSidebar}} {{SeeCompatTable}}{{Non-standard_header}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `sync-xhr` directive controls whether the current document is allowed to make synchronous {{domxref("XMLHttpRequest")}} requests. - -## Syntax - -```http -Feature-Policy: sync-xhr ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -By default the policy is set to `*`, which means synchronous requests are allowed in all frames. - -## Browser compatibility - -{{Compat}} - -## See also - -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/unoptimized-images/index.md b/files/en-us/web/http/headers/feature-policy/unoptimized-images/index.md deleted file mode 100644 index 0b21a0faeb687d7..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/unoptimized-images/index.md +++ /dev/null @@ -1,40 +0,0 @@ ---- -title: 'Feature-Policy: unoptimized-images' -slug: Web/HTTP/Headers/Feature-Policy/unoptimized-images -tags: - - Directive - - Feature-Policy - - HTTP - - Image - - Reference - - Experimental - - Non-standard -browser-compat: http.headers.Feature-Policy.unoptimized-images ---- - -{{HTTPSidebar}}{{SeeCompatTable}}{{Non-standard_header}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `unoptimized-images` directive controls whether the current document is allowed to download and display unoptimized images. - -## Syntax - -```http -Feature-Policy: unoptimized-images ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -Default allow list for `unoptimized-images` is `'self'`. - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/unsized-media/index.md b/files/en-us/web/http/headers/feature-policy/unsized-media/index.md deleted file mode 100644 index b2bb27890b717ac..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/unsized-media/index.md +++ /dev/null @@ -1,42 +0,0 @@ ---- -title: 'Feature-Policy: unsized-media' -slug: Web/HTTP/Headers/Feature-Policy/unsized-media -tags: - - Directive - - Feature-Policy - - HTTP - - Reference - - Experimental - - Non-standard -browser-compat: http.headers.Feature-Policy.unsized-media ---- - -{{HTTPSidebar}} {{SeeCompatTable}}{{Non-standard_header}} - -The HTTP {{HTTPHeader('Feature-Policy')}} header `unsized-media` directive controls whether the current document is allowed to change the size of media elements after the initial layout is complete. - -This restriction solves "layout instability" problem caused by providing default dimensions for images whose size is not specified in advance so that image doesn't change size after loading. - -## Syntax - -```http -Feature-Policy: unsized-media ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default value - -The default value for unsized-media is `'*'`, that is unsized media elements are allowed for all origins by default. The page will re-flow every time an image with unknown dimensions is loaded. - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader('Feature-Policy')}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) -- [Proposal](https://github.com/w3c/webappsec-permissions-policy/blob/main/policies/unsized-media.md) diff --git a/files/en-us/web/http/headers/feature-policy/usb/index.md b/files/en-us/web/http/headers/feature-policy/usb/index.md deleted file mode 100644 index 9b8faebbeca20fa..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/usb/index.md +++ /dev/null @@ -1,44 +0,0 @@ ---- -title: 'Feature-Policy: usb' -slug: Web/HTTP/Headers/Feature-Policy/usb -tags: - - Directive - - Feature-Policy - - HTTP - - Reference - - Vibration API - - Web USB - - Experimental -browser-compat: http.headers.Feature-Policy.usb ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `usb` directive controls whether the current document is allowed to use the WebUSB API. - -## Syntax - -```http -Feature-Policy: usb ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The default value is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- {{HTTPHeader('Feature-Policy')}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/web-share/index.md b/files/en-us/web/http/headers/feature-policy/web-share/index.md deleted file mode 100644 index 1ecab7143d3ead5..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/web-share/index.md +++ /dev/null @@ -1,43 +0,0 @@ ---- -title: 'Feature-Policy: web-share' -slug: Web/HTTP/Headers/Feature-Policy/web-share -tags: - - Feature-Policy - - HTTP - - Web Share - - Experimental -browser-compat: http.headers.Feature-Policy.web-share ---- - -{{HTTPSidebar}} {{SeeCompatTable}} - -The HTTP {{HTTPHeader('Feature-Policy')}} header `web-share` directive controls whether the current document is allowed to use the {{domxref("Navigator.share","Navigator.share()")}} method of the Web Share API to share text, links, images, and other content to arbitrary destinations of the user's choice. - -## Syntax - -```http -Feature-Policy: web-share ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The default value is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -Browser implementation is being discussed in . - -## See also - -- {{HTTPHeader('Feature-Policy')}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/xr-spatial-tracking/index.md b/files/en-us/web/http/headers/feature-policy/xr-spatial-tracking/index.md deleted file mode 100644 index b967958329ead44..000000000000000 --- a/files/en-us/web/http/headers/feature-policy/xr-spatial-tracking/index.md +++ /dev/null @@ -1,46 +0,0 @@ ---- -title: 'Feature-Policy: xr-spatial-tracking' -slug: Web/HTTP/Headers/Feature-Policy/xr-spatial-tracking -tags: - - Directive - - Feature Policy - - Feature-Policy - - HTTP - - Reference - - xr-spatial-tracking - - Experimental -browser-compat: http.headers.Feature-Policy.xr-spatial-tracking ---- - -{{HTTPSidebar}}{{SeeCompatTable}} - -The HTTP {{HTTPHeader("Feature-Policy")}} header `xr-spatial-tracking` directive controls whether the current document is allowed to use the [WebXR Device API](/en-US/docs/Web/API/WebXR_Device_API). This policy controls whether {{DOMxRef("XRSystem/requestSession","navigator.xr.requestSession()")}} can return {{DOMxRef("XRSession")}} that requires spatial tracking and whether user agent can indicate support for sessions supporting spatial tracking via {{DOMxRef("XRSystem/isSessionSupported","navigator.xr.isSessionSupported()")}} and {{domxref("MediaDevices/devicechange_event", "devicechange")}} event on {{DOMxRef("Navigator.xr","navigator.xr")}} object. - -## Syntax - -```http -Feature-Policy: xr-spatial-tracking ; -``` - -- \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). - -## Default policy - -The default allowlist is `'self'`. - -## Specifications - -{{Specifications}} - -## Browser compatibility - -{{Compat}} - -## See also - -- [WebXR Device API](/en-US/docs/Web/API/WebXR_Device_API) -- {{DOMxRef("XRSystem/requestSession","navigator.xr.requestSession()")}}, and {{DOMxRef("XRSystem/isSessionSupported","navigator.xr.isSessionSupported()")}} and {{domxref("XRSystem/devicechange_event", "devicechange")}} event on {{DOMxRef("Navigator.xr","navigator.xr")}} -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) diff --git a/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md b/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md new file mode 100644 index 000000000000000..08471100473a94e --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md @@ -0,0 +1,43 @@ +--- +title: 'Permissions-Policy: accelerometer' +slug: Web/HTTP/Headers/Permissions-Policy/accelerometer +tags: + - Accelerometer + - Directive + - Permissions Policy + - HTTP + - Reference + - Experimental +browser-compat: http.headers.Permissions-Policy.accelerometer +--- + +{{HTTPSidebar}} {{SeeCompatTable}} + +The HTTP {{HTTPHeader('Permissions-Policy')}} header `accelerometer` directive controls whether the current document is allowed to gather information about the acceleration of the device through the {{domxref('Accelerometer')}} interface. + +## Syntax + +```http +Permissions-Policy: accelerometer ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +The default `allowlist` value for this feature is: `'self'`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader('Permissions-Policy')}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) diff --git a/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md b/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md new file mode 100644 index 000000000000000..47b74ad013d43b1 --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md @@ -0,0 +1,41 @@ +--- +title: 'Permissions-Policy: ambient-light-sensor' +slug: Web/HTTP/Headers/Permissions-Policy/ambient-light-sensor +tags: + - Ambient Light Sensor + - Permissions Policy + - HTTP + - Experimental +browser-compat: http.headers.Permissions-Policy.ambient-light-sensor +--- + +{{HTTPSidebar}} {{SeeCompatTable}} + +The HTTP {{HTTPHeader('Permissions-Policy')}} header `ambient-light-sensor` directive controls whether the current document is allowed to gather information about the amount of light in the environment around the device through the {{domxref('AmbientLightSensor')}} interface. + +## Syntax + +```http +Permissions-Policy: ambient-light-sensor ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +Default allow list for `ambient-light-sensor` is `'self'`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader('Permissions-Policy')}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/autoplay/index.md b/files/en-us/web/http/headers/permissions-policy/autoplay/index.md similarity index 60% rename from files/en-us/web/http/headers/feature-policy/autoplay/index.md rename to files/en-us/web/http/headers/permissions-policy/autoplay/index.md index 24a4a42e780f30a..07393067b0b3617 100644 --- a/files/en-us/web/http/headers/feature-policy/autoplay/index.md +++ b/files/en-us/web/http/headers/permissions-policy/autoplay/index.md @@ -1,20 +1,20 @@ --- -title: 'Feature-Policy: autoplay' -slug: Web/HTTP/Headers/Feature-Policy/autoplay +title: 'Permissions-Policy: autoplay' +slug: Web/HTTP/Headers/Permissions-Policy/autoplay tags: - Directive - - Feature Policy - - Feature-Policy + - Permissions Policy + - Permissions-Policy - HTTP - Reference - autoplay - Experimental -browser-compat: http.headers.Feature-Policy.autoplay +browser-compat: http.headers.Permissions-Policy.autoplay --- {{HTTPSidebar}} {{SeeCompatTable}} -The HTTP {{HTTPHeader("Feature-Policy")}} header +The HTTP {{HTTPHeader("Permissions-Policy")}} header `autoplay` directive controls whether the current document is allowed to autoplay media requested through the {{domxref("HTMLMediaElement")}} interface. When this policy is enabled and there were no user gestures, the {{jsxref("Promise")}} @@ -27,11 +27,11 @@ For more details on autoplay and autoplay blocking, see the article [Autoplay gu ## Syntax ```http -Feature-Policy: autoplay ; +Permissions-Policy: autoplay ; ``` - \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). ## Default policy @@ -48,6 +48,6 @@ The default value in [Google Chrome](https://chromestatus.com/feature/5100524789 ## See also -- {{HTTPHeader("Feature-Policy")}} header -- [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) -- [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) +- {{HTTPHeader("Permissions-Policy")}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) diff --git a/files/en-us/web/http/headers/permissions-policy/battery/index.md b/files/en-us/web/http/headers/permissions-policy/battery/index.md new file mode 100644 index 000000000000000..b971f2dda688415 --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/battery/index.md @@ -0,0 +1,44 @@ +--- +title: 'Permissions-Policy: battery' +slug: Web/HTTP/Headers/Permissions-Policy/battery +tags: + - Battery + - Permissions Policy + - HTTP + - Experimental +browser-compat: http.headers.Permissions-Policy.battery +--- + +{{HTTPSidebar}}{{SeeCompatTable}} + +The HTTP {{HTTPHeader("Permissions-Policy")}} header `battery` directive controls whether the current document is allowed to gather information about the battery of the device through the {{DOMxRef("BatteryManager")}} interface obtained via {{DOMxRef("Navigator.getBattery","Navigator.getBattery()")}}. + +## Syntax + +```http +Permissions-Policy: battery ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +Default allow list for `battery` is `'self'`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader("Permissions-Policy")}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) +- [Battery Status API](/en-US/docs/Web/API/Battery_Status_API) +- {{DOMxRef("Navigator.getBattery","Navigator.getBattery()")}} +- {{DOMxRef("BatteryManager")}} diff --git a/files/en-us/web/http/headers/permissions-policy/camera/index.md b/files/en-us/web/http/headers/permissions-policy/camera/index.md new file mode 100644 index 000000000000000..2563485b6821e57 --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/camera/index.md @@ -0,0 +1,47 @@ +--- +title: 'Permissions-Policy: camera' +slug: Web/HTTP/Headers/Permissions-Policy/camera +tags: + - Directive + - Permissions Policy + - Permissions-Policy + - HTTP + - Reference + - camera +browser-compat: http.headers.Permissions-Policy.camera +--- + +{{HTTPSidebar}} + +The HTTP {{HTTPHeader("Permissions-Policy")}} header +`camera` directive controls whether the current document is allowed to use +video input devices. When this policy is enabled, the {{jsxref("Promise")}} returned +by {{domxref("MediaDevices.getUserMedia()")}} will reject with +a `NotAllowedError` {{domxref("DOMException")}}. + +## Syntax + +```http +Permissions-Policy: camera ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +Default allow list for `camera` is `'self'`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader("Permissions-Policy")}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) diff --git a/files/en-us/web/http/headers/permissions-policy/display-capture/index.md b/files/en-us/web/http/headers/permissions-policy/display-capture/index.md new file mode 100644 index 000000000000000..75ee35b3433de1d --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/display-capture/index.md @@ -0,0 +1,46 @@ +--- +title: 'Permissions-Policy: display-capture' +slug: Web/HTTP/Headers/Permissions-Policy/display-capture +tags: + - Directive + - Permissions Policy + - HTTP + - Reference + - display-capture +browser-compat: http.headers.Permissions-Policy.display-capture +--- + +{{HTTPSidebar}} + +The HTTP {{HTTPHeader("Permissions-Policy")}} header `display-capture` directive controls whether or not the document is permitted to use [Screen Capture API](/en-US/docs/Web/API/Screen_Capture_API), that is, {{domxref("MediaDevices.getDisplayMedia", "getDisplayMedia()")}} to capture the screen's contents. + +If `display-capture` is disabled in a document, the document will not be able to initiate screen capture via {{domxref("MediaDevices.getDisplayMedia", "getDisplayMedia()")}}. + +## Syntax + +```http +Permissions-Policy: display-capture ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +Default allow list for `display-capture` is `'self'`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader("Permissions-Policy")}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) +- [Screen Capture API](/en-US/docs/Web/API/Screen_Capture_API) +- [Using the Screen Capture API](/en-US/docs/Web/API/Screen_Capture_API/Using_Screen_Capture) diff --git a/files/en-us/web/http/headers/permissions-policy/document-domain/index.md b/files/en-us/web/http/headers/permissions-policy/document-domain/index.md new file mode 100644 index 000000000000000..41e89a8fee93124 --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/document-domain/index.md @@ -0,0 +1,49 @@ +--- +title: 'Permissions-Policy: document-domain' +slug: Web/HTTP/Headers/Permissions-Policy/document-domain +tags: + - Directive + - Experimental + - Permissions Policy + - Permissions-Policy + - HTTP + - Reference + - document-domain + - Header +browser-compat: http.headers.Permissions-Policy.document-domain +--- + +{{HTTPSidebar}} {{SeeCompatTable}} + +The HTTP {{HTTPHeader("Permissions-Policy")}} header +`document-domain` directive controls whether the current document is +allowed to set {{domxref("document.domain")}}. When this policy is disabled, attempting +to set {{domxref("document.domain")}} will fail and cause a `SecurityError` +{{domxref("DOMException")}} to be thrown. + +## Syntax + +```http +Permissions-Policy: document-domain ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +Default allow list for `document-domain` is `*`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader("Permissions-Policy")}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) diff --git a/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md b/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md new file mode 100644 index 000000000000000..c20046899674806 --- /dev/null +++ b/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md @@ -0,0 +1,44 @@ +--- +title: 'Permissions-Policy: encrypted-media' +slug: Web/HTTP/Headers/Permissions-Policy/encrypted-media +tags: + - Directive + - EME + - Permissions Policy + - Permissions-Policy + - HTTP + - Reference + - Experimental +browser-compat: http.headers.Permissions-Policy.encrypted-media +--- + +{{HTTPSidebar}}{{SeeCompatTable}} + +The HTTP {{HTTPHeader("Permissions-Policy")}} header `encrypted-media` directive controls whether the current document is allowed to use the [Encrypted Media Extensions](/en-US/docs/Web/API/Encrypted_Media_Extensions_API) API (EME). When this policy is enabled, the {{jsxref("Promise")}} returned by {{domxref("Navigator.requestMediaKeySystemAccess","Navigator.requestMediaKeySystemAccess()")}} will reject with a {{domxref("DOMException")}}. + +## Syntax + +```http +Permissions-Policy: encrypted-media ; +``` + +- \ + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). + +## Default policy + +Default allow list for `encrypted-media` is `'self'`. + +## Specifications + +{{Specifications}} + +## Browser compatibility + +{{Compat}} + +## See also + +- {{HTTPHeader("Permissions-Policy")}} header +- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) +- [Using Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy/Using_Permissions_Policy) diff --git a/files/en-us/web/http/headers/feature-policy/fullscreen/index.md b/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md similarity index 58% rename from files/en-us/web/http/headers/feature-policy/fullscreen/index.md rename to files/en-us/web/http/headers/permissions-policy/fullscreen/index.md index 2dd34c67bb9e1e5..3b6ed7b34d5d200 100644 --- a/files/en-us/web/http/headers/feature-policy/fullscreen/index.md +++ b/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md @@ -1,18 +1,18 @@ --- -title: 'Feature-Policy: fullscreen' -slug: Web/HTTP/Headers/Feature-Policy/fullscreen +title: 'Permissions-Policy: fullscreen' +slug: Web/HTTP/Headers/Permissions-Policy/fullscreen tags: - - Feature Policy - - Feature-Policy + - Permissions Policy + - Permissions-Policy - HTTP - fullscreen - header -browser-compat: http.headers.Feature-Policy.fullscreen +browser-compat: http.headers.Permissions-Policy.fullscreen --- {{HTTPSidebar}} -The HTTP {{HTTPHeader("Feature-Policy")}} header `fullscreen` directive controls whether the current document is allowed to use {{domxref('Element.requestFullscreen()')}}. When this policy is enabled, the returned {{jsxref('Promise')}} rejects with a {{jsxref('TypeError')}}. +The HTTP {{HTTPHeader("Permissions-Policy")}} header `fullscreen` directive controls whether the current document is allowed to use {{domxref('Element.requestFullscreen()')}}. When this policy is enabled, the returned {{jsxref('Promise')}} rejects with a {{jsxref('TypeError')}}. By default, top-level documents and their same-origin child frames can request and enter fullscreen mode. This directive allows or prevents cross-origin frames from using fullscreen mode. This includes same-origin frames. @@ -21,11 +21,11 @@ By default, top-level documents and their same-origin child frames can request a ## Syntax ```http -Feature-Policy: fullscreen ; +Permissions-Policy: fullscreen ; ``` - \ - - : A list of origins for which the feature is allowed. See [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy#syntax). + - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax). ## Default policy @@ -35,18 +35,18 @@ Default allow list for `fullscreen` is `'self'`. ### General example -SecureCorp Inc. wants to disable the Fullscreen API within all browsing contexts except for its own origin and those whose origin is `https://example.com`. It can do so by delivering the following HTTP response header to define a feature policy: +SecureCorp Inc. wants to disable the Fullscreen API within all browsing contexts except for its own origin and those whose origin is `https://example.com`. It can do so by delivering the following HTTP response header to define a Permissions Policy: ```http -Feature-Policy: fullscreen 'self' https://example.com +Permissions-Policy: fullscreen 'self' https://example.com ``` ### With an \ ``` -Read our guide, [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy), to learn more about how it works. - #### Encryption based security The `getUserMedia()` method is only available in [secure contexts](/en-US/docs/Web/Security/Secure_Contexts). A secure context diff --git a/files/en-us/web/api/mediadevices/selectaudiooutput/index.md b/files/en-us/web/api/mediadevices/selectaudiooutput/index.md index 5fc6d19feca679d..ea1a9237bd8381e 100644 --- a/files/en-us/web/api/mediadevices/selectaudiooutput/index.md +++ b/files/en-us/web/api/mediadevices/selectaudiooutput/index.md @@ -49,7 +49,7 @@ The object describes the user-selected audio output device. ### Exceptions - `NotAllowedError` {{domxref("DOMException")}} - - : Returned if the current page has not been granted the {{HTTPHeader("Feature-Policy/speaker-selection","speaker-selection")}} permission or the user closed the selection prompt without choosing a device. + - : Returned if the current page has not been granted the {{HTTPHeader("Permissions-Policy/speaker-selection","speaker-selection")}} permission or the user closed the selection prompt without choosing a device. - `NotFoundError` {{domxref("DOMException")}} - : Returned if there are no available audio output devices. - `InvalidStateError` {{domxref("DOMException")}} @@ -57,7 +57,7 @@ The object describes the user-selected audio output device. ## Security -[Transient user activation](/en-US/docs/Web/Security/User_activation) is required. The user has to interact with the page or a UI element in order for this feature to work. +[Transient user activation](/en-US/docs/Web/Security/User_activation) is required. The user has to interact with the page or a UI element for this feature to work. Access to audio output devices is gated by the [Permissions API](/en-US/docs/Web/API/Permissions_API). The prompt will not be displayed if the `speaker-selection` permission has not been granted. diff --git a/files/en-us/web/api/navigator/canshare/index.md b/files/en-us/web/api/navigator/canshare/index.md index 7a4eabb05ab1dd7..2300d7cfa7d9b5d 100644 --- a/files/en-us/web/api/navigator/canshare/index.md +++ b/files/en-us/web/api/navigator/canshare/index.md @@ -22,7 +22,7 @@ The method returns `false` if the data cannot be _validated_. Reasons the data m - Files are specified but the implementation does not support file sharing. - Sharing the specified data would be considered a "hostile share" by the user-agent. -The Web Share API is gated by the [web-share](/en-US/docs/Web/HTTP/Headers/Feature-Policy/web-share) permission policy. +The Web Share API is gated by the [web-share](/en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share) permission policy. The **`canShare()`** method will return `false` if the permission is supported but has not been granted. ## Syntax diff --git a/files/en-us/web/api/navigator/getbattery/index.md b/files/en-us/web/api/navigator/getbattery/index.md index d41e7d32c567d6a..a1f41c7307a6fc7 100644 --- a/files/en-us/web/api/navigator/getbattery/index.md +++ b/files/en-us/web/api/navigator/getbattery/index.md @@ -21,7 +21,7 @@ system's battery. It returns a battery promise, which is resolved in a monitor the battery status. This implements the [Battery Status API](/en-US/docs/Web/API/Battery_Status_API); see that documentation for additional details, a guide to using the API, and sample code. -> **Note:** In some browsers access to this feature is controlled by the {{HTTPHeader("Feature-Policy")}} directive {{HTTPHeader("Feature-Policy/battery","battery")}}. +> **Note:** In some browsers access to this feature is controlled by the {{HTTPHeader("Permissions-Policy")}} directive {{HTTPHeader("Permissions-Policy/battery","battery")}}. ## Syntax @@ -53,7 +53,7 @@ This method doesn't throw true exceptions; instead, it rejects the returned prom - : No User Agent currently throws this exception, but the specification describes the following behaviors: > This document is not allowed to use this feature. - > For example, it might not be explicitly allowed or restricted via {{HTTPHeader("Feature-Policy")}} {{HTTPHeader("Feature-Policy/battery", "battery")}} feature. + > For example, it might not be explicitly allowed or restricted via {{HTTPHeader("Permissions-Policy")}} {{HTTPHeader("Permissions-Policy/battery", "battery")}} feature. ## Examples @@ -86,5 +86,5 @@ For more examples and details, see [Battery Status API](/en-US/docs/Web/API/Batt ## See also - [Battery Status API](/en-US/docs/Web/API/Battery_Status_API) -- `Feature-Policy` {{HTTPHeader("Feature-Policy/battery", "battery")}} +- `Permissions-Policy` {{HTTPHeader("Permissions-Policy/battery", "battery")}} feature diff --git a/files/en-us/web/api/navigator/getgamepads/index.md b/files/en-us/web/api/navigator/getgamepads/index.md index eedb4270477aa6d..2a853cf1716ad2d 100644 --- a/files/en-us/web/api/navigator/getgamepads/index.md +++ b/files/en-us/web/api/navigator/getgamepads/index.md @@ -20,7 +20,7 @@ The **`Navigator.getGamepads()`** method returns an array of Elements in the array may be `null` if a gamepad disconnects during a session, so that the remaining gamepads retain the same index. -Calls to this method will throw a `SecurityError` {{domxref('DOMException')}} if disallowed by the {{httpheader('Feature-Policy/gamepad','gamepad')}} [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy). +Calls to this method will throw a `SecurityError` {{domxref('DOMException')}} if disallowed by the {{httpheader('Permissions-Policy/gamepad','gamepad')}} [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). ## Syntax diff --git a/files/en-us/web/api/navigator/share/index.md b/files/en-us/web/api/navigator/share/index.md index 3b1cbdc12a62f99..b4f88ddae09993f 100644 --- a/files/en-us/web/api/navigator/share/index.md +++ b/files/en-us/web/api/navigator/share/index.md @@ -49,7 +49,7 @@ A {{jsxref("Promise")}} that resolves with `undefined`, or rejected with one of The {{jsxref("Promise")}} may be rejected with one of the following `DOMException` values: - `NotAllowedError` {{domxref("DOMException")}} - - : The [web-share](/en-US/docs/Web/HTTP/Headers/Feature-Policy/web-share) permission has not been granted, or the window does not have {{Glossary("transient activation")}}, or a file share is being blocked due to security considerations. + - : The [web-share](/en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share) permission has not been granted, or the window does not have {{Glossary("transient activation")}}, or a file share is being blocked due to security considerations. - {{jsxref("TypeError")}} - : The specified share data cannot be validated. Possible reasons include: @@ -117,7 +117,7 @@ The following is a list of usually shareable file types. However, you should alw ## Security -This method requires that the current document have the [web-share](/en-US/docs/Web/HTTP/Headers/Feature-Policy/web-share) permission policy and {{Glossary("transient activation")}}. (It must be triggered off a UI event like a button click and cannot be launched at arbitrary points by a script.) Further, the method must specify valid data that is supported for sharing by the native implementation. +This method requires that the current document have the [web-share](/en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share) Permissions Policy and {{Glossary("transient activation")}}. (It must be triggered off a UI event like a button click and cannot be launched at arbitrary points by a script.) Further, the method must specify valid data that is supported for sharing by the native implementation. ## Examples diff --git a/files/en-us/web/api/orientationsensor/index.md b/files/en-us/web/api/orientationsensor/index.md index 7e19252a17d7bca..295748f6d8051f0 100644 --- a/files/en-us/web/api/orientationsensor/index.md +++ b/files/en-us/web/api/orientationsensor/index.md @@ -19,7 +19,7 @@ browser-compat: api.OrientationSensor The **`OrientationSensor`** interface of the [Sensor APIs](/en-US/docs/Web/API/Sensor_APIs) is the base class for orientation sensors. This interface cannot be used directly. Instead it provides properties and methods accessed by interfaces that inherit from it. -If a feature policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. The {{httpheader('Feature-Policy')}} HTTP header article contains implementation instructions. +If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. Our [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. {{InheritanceDiagram}} diff --git a/files/en-us/web/api/orientationsensor/populatematrix/index.md b/files/en-us/web/api/orientationsensor/populatematrix/index.md index 5b4af4f19bc7d39..48c17e769c8b787 100644 --- a/files/en-us/web/api/orientationsensor/populatematrix/index.md +++ b/files/en-us/web/api/orientationsensor/populatematrix/index.md @@ -32,9 +32,9 @@ where: - Y = Vy \* sin(θ/2) - Z = Vz \* sin(θ/2) -If a feature policy blocks use of a feature it is because your code is inconsistent +If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to -a user. The {{httpheader('Feature-Policy')}} HTTP header article contains implementation +a user. Our [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. ## Syntax diff --git a/files/en-us/web/api/payment_request_api/index.md b/files/en-us/web/api/payment_request_api/index.md index 3fd1519763645fb..875d3690c822fbe 100644 --- a/files/en-us/web/api/payment_request_api/index.md +++ b/files/en-us/web/api/payment_request_api/index.md @@ -72,4 +72,4 @@ You can find a complete guide in [Using the Payment Request API](/en-US/docs/Web - [Google Pay API PaymentRequest Tutorial](https://developers.google.com/pay/api/web/guides/paymentrequest/tutorial) - [Samsung Pay Web Payments Integration Guide](https://developer.samsung.com/internet/android/web-payments-integration-guide.html) - [W3C Payment Request API FAQ](https://github.com/w3c/payment-request-info/wiki/FAQ) -- Feature Policy directive {{httpheader("Feature-Policy/payment", "payment")}} +- Permissions Policy directive {{httpheader("Permissions-Policy/payment", "payment")}} diff --git a/files/en-us/web/api/picture-in-picture_api/index.md b/files/en-us/web/api/picture-in-picture_api/index.md index e10f034643a4ad1..2038cabb386555a 100644 --- a/files/en-us/web/api/picture-in-picture_api/index.md +++ b/files/en-us/web/api/picture-in-picture_api/index.md @@ -54,7 +54,7 @@ The Picture-in-Picture API augments the {{DOMxRef("HTMLVideoElement")}}, {{DOMxR ### Instance properties on the Document interface - {{DOMxRef("Document.pictureInPictureEnabled")}} - - : The `pictureInPictureEnabled` property tells you whether or not it is possible to engage picture-in-picture mode. This is `false` if picture-in-picture mode is not available for any reason (e.g. the [`"picture-in-picture"` feature](/en-US/docs/Web/HTTP/Headers/Feature-Policy/picture-in-picture) has been disallowed, or picture-in-picture mode is not supported). + - : The `pictureInPictureEnabled` property tells you whether or not it is possible to engage picture-in-picture mode. This is `false` if picture-in-picture mode is not available for any reason (e.g. the [`"picture-in-picture"` feature](/en-US/docs/Web/HTTP/Headers/Permissions-Policy/picture-in-picture) has been disallowed, or picture-in-picture mode is not supported). ### Instance properties on the Document or ShadowRoot interfaces @@ -82,9 +82,7 @@ The [`:picture-in-picture`](/en-US/docs/Web/CSS/:picture-in-picture) [CSS](/en-U ## Controlling access -The availability of picture-in-picture mode can be controlled using [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy). The fullscreen mode feature is identified by the string `"picture-in-picture"`, with a default allow-list value of `"self"`, meaning that picture-in-picture mode is permitted in top-level document contexts, as well as to nested browsing contexts loaded from the same origin as the top-most document. - -See [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) to learn more about using Feature Policy to control access to an API. +The availability of picture-in-picture mode can be controlled using [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). The fullscreen mode feature is identified by the string `"picture-in-picture"`, with a default allowlist value of `"self"`, meaning that picture-in-picture mode is permitted in top-level document contexts, as well as to nested browsing contexts loaded from the same origin as the top-most document. ## Examples diff --git a/files/en-us/web/api/relativeorientationsensor/index.md b/files/en-us/web/api/relativeorientationsensor/index.md index 13d8e4d4faa7f85..1968353b10bc402 100644 --- a/files/en-us/web/api/relativeorientationsensor/index.md +++ b/files/en-us/web/api/relativeorientationsensor/index.md @@ -22,7 +22,7 @@ The **`RelativeOrientationSensor`** interface of the [Sensor APIs](/en-US/docs/W To use this sensor, the user must grant permission to the `'accelerometer'`, and `'gyroscope'` device sensors through the [Permissions API](/en-US/docs/Web/API/Permissions_API). -If a feature policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. The {{httpheader('Feature-Policy')}} HTTP header article contains implementation instructions. +If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. Our [Permissions_Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. {{InheritanceDiagram}} diff --git a/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md b/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md index 0754b22a0095fb8..720c2453281741a 100644 --- a/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md +++ b/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md @@ -21,11 +21,6 @@ The **`RelativeOrientationSensor()`** constructor creates a new {{domxref("RelativeOrientationSensor")}} object which describes the device's physical orientation. -If a feature policy blocks use of a feature it is because your code is inconsistent -with the policies set on your server. This is not something that would ever be shown -to a user. The {{httpheader('Feature-Policy')}} HTTP header article contains implementation -instructions. - ## Syntax ```js-nolint diff --git a/files/en-us/web/api/reporting_api/index.md b/files/en-us/web/api/reporting_api/index.md index e225172a2496b59..8e44c7ca91fc645 100644 --- a/files/en-us/web/api/reporting_api/index.md +++ b/files/en-us/web/api/reporting_api/index.md @@ -14,14 +14,14 @@ spec-urls: https://w3c.github.io/reporting/#intro {{SeeCompatTable}}{{APIRef("Reporting API")}} -The Reporting API provides a generic reporting mechanism for web applications to use to make reports available based on various platform features (for example [Content Security Policy](/en-US/docs/Web/HTTP/CSP), [Feature-Policy](/en-US/docs/Web/HTTP/Headers/Feature-Policy), or feature deprecation reports) in a consistent manner. +The Reporting API provides a generic reporting mechanism for web applications to use to make reports available based on various platform features (for example [Content Security Policy](/en-US/docs/Web/HTTP/CSP), [Permissions-Policy](/en-US/docs/Web/HTTP/Headers/Permissions-Policy), or feature deprecation reports) in a consistent manner. ## Concepts and usage -There are a number of different features and problems on the web platform that generate information useful to web developers when they are trying to fix bugs or improve their websites in other ways. Such information can include: +There are several different features and problems on the web platform that generate information useful to web developers when they are trying to fix bugs or improve their websites in other ways. Such information can include: - [Content Security Policy](/en-US/docs/Web/HTTP/CSP) violations. -- [Feature-Policy](/en-US/docs/Web/HTTP/Headers/Feature-Policy) violations. +- [Permissions-Policy](/en-US/docs/Web/HTTP/Headers/Permissions-Policy) violations. - Deprecated feature usage (when you are using something that will stop working soon in browsers). - Occurrence of crashes. - Occurrence of user-agent interventions (when the browser blocks something your code is trying to do because it is deemed a security risk for example, or just plain annoying, like auto-playing audio). @@ -137,4 +137,4 @@ Chrome is also working on an implementation: [information about Chrome implement ## See also - [Content Security Policy](/en-US/docs/Web/HTTP/CSP) -- [`Feature-Policy`](/en-US/docs/Web/HTTP/Headers/Feature-Policy) +- [`Permissions-Policy`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy) diff --git a/files/en-us/web/api/screen_capture_api/index.md b/files/en-us/web/api/screen_capture_api/index.md index 0437eb4fabb1689..aa87750d65bf24a 100644 --- a/files/en-us/web/api/screen_capture_api/index.md +++ b/files/en-us/web/api/screen_capture_api/index.md @@ -82,17 +82,15 @@ The following dictionaries are defined by the Screen Capture API. - `DisplayCaptureSurfaceType` - : An enumerated string type which is used to identify the kind of display surface to capture. This type is used for the `displaySurface` property in the constraints and settings objects, and has the possible values `application`, `browser`, `monitor`, and `window`. -## Feature Policy validation +## Permissions Policy validation -{{Glossary("User agent", "User agents")}} that support Feature Policy (either using HTTP's {{HTTPHeader("Feature-Policy")}} header or the {{HTMLElement("iframe")}} attribute {{htmlattrxref("allow", "iframe")}}) can specify a desire to use the Screen Capture API using the policy control directive `display-capture`: +{{Glossary("User agent", "User agents")}} that support [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) (either using the HTTP {{HTTPHeader("Permissions-Policy")}} header or the {{HTMLElement("iframe")}} attribute {{htmlattrxref("allow", "iframe")}}) can specify a desire to use the Screen Capture API using the directive `display-capture`: ```html ``` -The default allow list is `self`, which lets the any content within the document use Screen Capture. - -See [Using Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy/Using_Feature_Policy) for a more in-depth explanation of how Feature Policy is used. +The default allow list is `self`, which lets any content within the same origin use Screen Capture. ## Specifications diff --git a/files/en-us/web/api/screen_capture_api/using_screen_capture/index.md b/files/en-us/web/api/screen_capture_api/using_screen_capture/index.md index bd106c0187deb81..2c201d5820f1fcb 100644 --- a/files/en-us/web/api/screen_capture_api/using_screen_capture/index.md +++ b/files/en-us/web/api/screen_capture_api/using_screen_capture/index.md @@ -323,12 +323,12 @@ The final product looks like this. If your browser supports Screen Capture API, ## Security -In order to function when [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) is enabled, you will need the `display-capture` permission. This can be done using the {{HTTPHeader("Feature-Policy")}} {{Glossary("HTTP")}} header or—if you're using the Screen Capture API in an {{HTMLElement("iframe")}}, the ` -``` - -The default ` -``` - -This example allows ` -``` - -Similar to the HTTP header, several features can be controlled at the same time by specifying a semicolon-separated list of policy directives. - -For example, this blocks the ` -``` - -## Inheritance of policy for embedded content - -Scripts inherit the policy of their browsing context, regardless of their origin. That means that top-level scripts inherit the policy from the main document. - -All iframes inherit the policy of their parent page. If the iframe has an `allow` attribute, the policies of the parent page and the `allow` attribute are combined, using the most restrictive subset. For an iframe to have a feature enabled, the origin must be in the allowlist for both the parent page and the allow attribute. - -Disabling a feature in a policy is a one-way toggle. If a feature has been disabled for a child frame by its parent frame, the child cannot re-enable it, and neither can any of the child's descendants. - -## Enforcing best practices for good user experiences - -It's difficult to build a website that uses all the latest best practices and provides great performance and user experiences. As the website evolves, it can become even harder to maintain the user experience over time. You can use feature policies to specify the desired best practices, and rely on the browser to enforce the policies to prevent regressions. - -There are several policy-controlled features designed to represent functionality that can negatively impact the user experience. These features include: - -- Layout-inducing Animations -- Unoptimized (poorly compressed) images -- Oversized images -- Synchronous scripts -- Synchronous XMLHttpRequest -- Unsized media - -To avoid breaking existing web content, the default for such policy-controlled features is to allow the functionality to be used by all origins. That is, the default allowlist is `'*'` for each feature. Preventing the use of the sub-optimal functionality requires explicitly specifying a policy that disables the features. - -For new content, you can start developing with a policy that disables all the features. This approach ensures that none of the functionality is introduced. When applying a policy to existing content, testing is likely required to verify it continues to work as expected. This is especially important for embedded or third-party content that you do not control. - -To turn on the enforcement of all the best practices, specify the policy as below. - -Send the following the HTTP header: - -```bash -Permissions-Policy: layout-animations 'none'; unoptimized-images 'none'; oversized-images 'none'; sync-script 'none'; sync-xhr 'none'; unsized-media 'none'; -``` - -Using the ` -``` - -## See also - -- [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) -- {{HTTPHeader("Permissions-Policy")}} header -- {{HTMLElement('iframe','allow','#Attributes')}} attribute on iframes -- {{HTTPHeader("Content-Security-Policy")}} header -- {{HTTPHeader("Referrer-Policy")}} header -- [Privacy, permissions, and information security](/en-US/docs/Web/Privacy) diff --git a/files/en-us/web/media/autoplay_guide/index.md b/files/en-us/web/media/autoplay_guide/index.md index 374a2b5699a100d..78ee4b797921048 100644 --- a/files/en-us/web/media/autoplay_guide/index.md +++ b/files/en-us/web/media/autoplay_guide/index.md @@ -56,7 +56,7 @@ As a general rule, you can assume that media will be allowed to autoplay only if - The audio is muted or its volume is set to 0 - The user has interacted with the site (by clicking, tapping, pressing keys, etc.) - If the site has been allowlisted; this may happen either automatically if the browser determines that the user engages with media frequently, or manually through preferences or other user interface features -- If the autoplay feature policy is used to grant autoplay support to an {{HTMLElement("iframe")}} and its document. +- If the autoplay [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) is used to grant autoplay support to an {{HTMLElement("iframe")}} and its document. Otherwise, the playback will likely be blocked. The exact situations that result in blocking, and the specifics of how sites become allowlisted vary from browser to browser, but the above are good guidelines to go by. @@ -191,50 +191,50 @@ let playAttempt = setInterval(() => { In the [Web Audio API](/en-US/docs/Web/API/Web_Audio_API), a website or app can start playing audio using the `start()` method on a source node linked to the {{domxref("AudioContext")}}. Doing so outside the context of handling a user input event is subject to autoplay rules. -## The autoplay feature policy +## The autoplay Permissions Policy -In addition to the browser-side management and control over autoplay functionality described above, a web server can also express its willingness to allow autoplay to function. The {{Glossary("HTTP")}} {{HTTPHeader("Feature-Policy")}} header's [`autoplay`](/en-US/docs/Web/HTTP/Headers/Feature-Policy/autoplay) directive is used to control which domains, if any, can be used to autoplay media. By default, the `autoplay` feature policy is set to `'self'` (_including the single quote characters_), indicating that autoplay is permitted as they're hosted on the same domain as the document. +In addition to the browser-side management and control over autoplay functionality described above, a web server can also express its willingness to allow autoplay to function. The {{Glossary("HTTP")}} {{HTTPHeader("Permissions-Policy")}} header's [`autoplay`](/en-US/docs/Web/HTTP/Headers/Permissions-Policy/autoplay) directive is used to control which domains, if any, can be used to autoplay media. By default, the `autoplay` Permissions Policy is set to `self`, indicating that autoplay is permitted as they're hosted on the same domain as the document. -You can also specify `'none'` to disable autoplay entirely, `'*'` to allow autoplay from all domains, or one or more specific origins from which media can be automatically played. These origins are separated by space characters. +You can also specify an empty allowlist (`()`) to disable autoplay entirely, `*` to allow autoplay from all domains, or one or more specific origins from which media can be automatically played. These origins are separated by space characters. -> **Note:** The specified feature policy applies to the document and every {{HTMLElement("iframe")}} nested within it, unless those frames include an {{htmlattrxref("allow", "iframe")}}, which sets a new feature policy for that frame and all frames nested within it. +> **Note:** The specified Permissions Policy applies to the document and every {{HTMLElement("iframe")}} nested within it, unless those frames include an {{htmlattrxref("allow", "iframe")}}, which sets a new Permissions Policy for that frame and all frames nested within it. -When using the {{htmlattrxref("allow", "iframe")}} attribute on an ` + ``` ### Example: Allowing autoplay and fullscreen mode -Adding [Fullscreen API](/en-US/docs/Web/API/Fullscreen_API) permission to the previous example results in a `Feature-Policy` header like the following if fullscreen access is allowed regardless of the domain; a domain restriction can be added as well as needed. +Adding [Fullscreen API](/en-US/docs/Web/API/Fullscreen_API) permission to the previous example results in a `Permissions-Policy` header like the following if fullscreen access is allowed regardless of the domain; a domain restriction can be added as well as needed. ```http -Feature-Policy: autoplay 'self'; fullscreen +Permissions-Policy: autoplay=(self), fullscreen=(self) ``` The same permissions, grated using the ` + ``` ### Example: Allowing autoplay from specific sources -The `Feature-Policy` header to allow media to be played from both the document's (or ` From 28b5b36b0fdab54c30f7852cd03cafaabd1c1098 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:42:31 +0000 Subject: [PATCH 020/122] Update files/en-us/web/api/sensor_apis/index.md Co-authored-by: Hamish Willee --- files/en-us/web/api/sensor_apis/index.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/files/en-us/web/api/sensor_apis/index.md b/files/en-us/web/api/sensor_apis/index.md index e785aeae4d264ab..24ae97105258b3a 100644 --- a/files/en-us/web/api/sensor_apis/index.md +++ b/files/en-us/web/api/sensor_apis/index.md @@ -86,7 +86,9 @@ try { ### Permissions and Permissions Policy -Sensor readings may not be taken unless the user grants permission to a specific sensor type. Do this using the [Permissions API](/en-US/docs/Web/API/Permissions_API). A brief example, shown below, requests permission before attempting to use the sensor. +Sensor readings may not be taken unless the user grants permission to a specific sensor type using the [Permissions API](/en-US/docs/Web/API/Permissions_API) and/or if access is not blocked by the server {{httpheader('Permissions-Policy')}}. + +The example below shows how to request user-permission before attempting to use the sensor. ```js navigator.permissions.query({ name: 'accelerometer' }) From e5e1839900f70c2ffec0915f6cea87102fbfb2d7 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:43:36 +0000 Subject: [PATCH 021/122] Update files/en-us/web/http/headers/permissions-policy/accelerometer/index.md Co-authored-by: Hamish Willee --- .../web/http/headers/permissions-policy/accelerometer/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md b/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md index df2b2046d1dc0dc..e2961ba59120bc9 100644 --- a/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md +++ b/files/en-us/web/http/headers/permissions-policy/accelerometer/index.md @@ -23,7 +23,7 @@ Specifically, where a defined policy blocks use of this feature, {{domxref("Acce Permissions-Policy: accelerometer=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From d7b4f4d7c547776208bb006aef72046d0e1c6fb0 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:44:27 +0000 Subject: [PATCH 022/122] Update files/en-us/web/http/headers/permissions-policy/autoplay/index.md Co-authored-by: Hamish Willee --- .../en-us/web/http/headers/permissions-policy/autoplay/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/autoplay/index.md b/files/en-us/web/http/headers/permissions-policy/autoplay/index.md index ccef34a6aa27e58..d3669ec63fdb31c 100644 --- a/files/en-us/web/http/headers/permissions-policy/autoplay/index.md +++ b/files/en-us/web/http/headers/permissions-policy/autoplay/index.md @@ -31,7 +31,7 @@ a {{domxref("DOMException")}}. The {{htmlattrxref("autoplay", "audio")}} attribu Permissions-Policy: autoplay=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From d1c02950e7e9048e42bdec75ced4478b3f7e456d Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:44:59 +0000 Subject: [PATCH 023/122] Update files/en-us/web/http/headers/permissions-policy/camera/index.md Co-authored-by: Hamish Willee --- files/en-us/web/http/headers/permissions-policy/camera/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/camera/index.md b/files/en-us/web/http/headers/permissions-policy/camera/index.md index 6be0dc8d679b49a..4434b14a953f558 100644 --- a/files/en-us/web/http/headers/permissions-policy/camera/index.md +++ b/files/en-us/web/http/headers/permissions-policy/camera/index.md @@ -26,7 +26,7 @@ Specifically, where a defined policy blocks use of this feature, {{domxref("Medi Permissions-Policy: camera=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From 00aa2f00f36c52eab0614f3880903037919a0b32 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:45:37 +0000 Subject: [PATCH 024/122] Update files/en-us/web/http/headers/permissions-policy/battery/index.md Co-authored-by: Hamish Willee --- .../en-us/web/http/headers/permissions-policy/battery/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/battery/index.md b/files/en-us/web/http/headers/permissions-policy/battery/index.md index 540ab36b0309339..e7d32c4ce7030b0 100644 --- a/files/en-us/web/http/headers/permissions-policy/battery/index.md +++ b/files/en-us/web/http/headers/permissions-policy/battery/index.md @@ -21,7 +21,7 @@ Specifically, where a defined policy blocks use of this feature, {{domxref("Navi Permissions-Policy: battery=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From 22d4ff9d36808660f27fac2e8f3256f1461081bb Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:46:11 +0000 Subject: [PATCH 025/122] Update files/en-us/web/http/headers/permissions-policy/display-capture/index.md Co-authored-by: Hamish Willee --- .../http/headers/permissions-policy/display-capture/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/display-capture/index.md b/files/en-us/web/http/headers/permissions-policy/display-capture/index.md index 63094686cb18cf7..538e70b58ac1d51 100644 --- a/files/en-us/web/http/headers/permissions-policy/display-capture/index.md +++ b/files/en-us/web/http/headers/permissions-policy/display-capture/index.md @@ -23,7 +23,7 @@ If `display-capture` is disabled in a document, the document will not be able to Permissions-Policy: display-capture=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From 51ab707bb35a3fbad50a33f48edc9e8efa718454 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:46:54 +0000 Subject: [PATCH 026/122] Update files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md Co-authored-by: Hamish Willee --- .../headers/permissions-policy/ambient-light-sensor/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md b/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md index 7370fb56703cdfa..0c38c7019ab3e17 100644 --- a/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md +++ b/files/en-us/web/http/headers/permissions-policy/ambient-light-sensor/index.md @@ -21,7 +21,7 @@ Specifically, where a defined policy blocks use of this feature, {{domxref("Ambi Permissions-Policy: ambient-light-sensor=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From efb2830cc402ebfa4179a23c6950fb8660e1002c Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:47:34 +0000 Subject: [PATCH 027/122] Update files/en-us/web/http/headers/permissions-policy/document-domain/index.md Co-authored-by: Hamish Willee --- .../http/headers/permissions-policy/document-domain/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/document-domain/index.md b/files/en-us/web/http/headers/permissions-policy/document-domain/index.md index 822761d680b690a..ec88eec2da6d872 100644 --- a/files/en-us/web/http/headers/permissions-policy/document-domain/index.md +++ b/files/en-us/web/http/headers/permissions-policy/document-domain/index.md @@ -29,7 +29,7 @@ to set {{domxref("document.domain")}} will fail and cause a `SecurityError` Permissions-Policy: document-domain=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From 02a03050d4f2c3557277e4c674149cff4242f01f Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:48:20 +0000 Subject: [PATCH 028/122] Update files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md Co-authored-by: Hamish Willee --- .../http/headers/permissions-policy/encrypted-media/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md b/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md index ab2ec5932726891..b10505107d10407 100644 --- a/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md +++ b/files/en-us/web/http/headers/permissions-policy/encrypted-media/index.md @@ -24,7 +24,7 @@ Specifically, where a defined policy blocks use of this feature, the {{jsxref("P Permissions-Policy: encrypted-media=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From a785d89ded792cf76fed3e3ced838e277af09bce Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:48:55 +0000 Subject: [PATCH 029/122] Update files/en-us/web/http/headers/permissions-policy/execution-while-not-rendered/index.md Co-authored-by: Hamish Willee --- .../permissions-policy/execution-while-not-rendered/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/execution-while-not-rendered/index.md b/files/en-us/web/http/headers/permissions-policy/execution-while-not-rendered/index.md index ea5a3df77b2266e..d0d4f6fd4607bdf 100644 --- a/files/en-us/web/http/headers/permissions-policy/execution-while-not-rendered/index.md +++ b/files/en-us/web/http/headers/permissions-policy/execution-while-not-rendered/index.md @@ -23,7 +23,7 @@ Specifically, where a defined policy blocks execution of task rendering while co Permissions-Policy: execution-while-not-rendered=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From 7d38065bd8ccaf1bf9e5270d09e11fbd506b2154 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:50:18 +0000 Subject: [PATCH 030/122] Update files/en-us/web/http/headers/permissions-policy/execution-while-out-of-viewport/index.md Co-authored-by: Hamish Willee --- .../permissions-policy/execution-while-out-of-viewport/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/execution-while-out-of-viewport/index.md b/files/en-us/web/http/headers/permissions-policy/execution-while-out-of-viewport/index.md index d44b62ea12d3e41..41c21e46ddc2ebe 100644 --- a/files/en-us/web/http/headers/permissions-policy/execution-while-out-of-viewport/index.md +++ b/files/en-us/web/http/headers/permissions-policy/execution-while-out-of-viewport/index.md @@ -23,7 +23,7 @@ Specifically, where a defined policy blocks execution of task rendering while co Permissions-Policy: execution-while-out-of-viewport=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From ed55ac16895efc173c14660db09f3b7b2a442a0b Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:50:55 +0000 Subject: [PATCH 031/122] Update files/en-us/web/http/headers/permissions-policy/fullscreen/index.md Co-authored-by: Hamish Willee --- .../web/http/headers/permissions-policy/fullscreen/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md b/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md index 90114475de18db6..7dd13489175112d 100644 --- a/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md +++ b/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md @@ -27,7 +27,7 @@ Specifically, where a defined policy blocks use of this feature, {{domxref('Elem Permissions-Policy: fullscreen=; ``` -- \ +- `` - : A list of origins for which permission is granted to use the feature. See [`Permissions-Policy` > Syntax](/en-US/docs/Web/HTTP/Headers/Permissions-Policy#syntax) for more details. ## Default policy From ecb480d9e7a0f55fe0a4a554306be7b9b1744beb Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:51:55 +0000 Subject: [PATCH 032/122] Update files/en-us/web/http/permissions_policy/index.md Co-authored-by: Hamish Willee --- files/en-us/web/http/permissions_policy/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/permissions_policy/index.md b/files/en-us/web/http/permissions_policy/index.md index 65a672c47df2024..264afcffd320fd6 100644 --- a/files/en-us/web/http/permissions_policy/index.md +++ b/files/en-us/web/http/permissions_policy/index.md @@ -66,7 +66,7 @@ Permissions Policy and the {{domxref("Permissions API", "Permissions API", "", " The identifying string used for each feature is kept consistent across both, for example, `geolocation` for the {{domxref("Geolocation API", "Geolocation API", "", "nocode")}}. Most of the API features in the Permissions Registry also have a corresponding Permissions Policy directive. One exception is the {{domxref("Notifications API", "Notifications API", "", "nocode")}}. -In practical terms, when you set a Permissions Policy that blocks the use of a powerful feature, the user won't be asked for permission to use it, and the Permissions API {{domxref("Permissions.query", "query()")}} method will always return a {{domxref("PermissionStatus.state", "state")}} value of `denied`. +Generally when a Permissions Policy blocks the use of a powerful feature, the user won't even be asked for permission to use it, and the Permissions API {{domxref("Permissions.query", "query()")}} method will return a {{domxref("PermissionStatus.state", "state")}} value of `denied`. See also [Permissions > Relationship to the Permissions Policy specification](https://w3c.github.io/permissions/#relationship-to-permissions-policy). From 787d9cee2b47076bdd346449e4f3b7c28a47ca12 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:54:29 +0000 Subject: [PATCH 033/122] Update files/en-us/web/privacy/index.md Co-authored-by: Hamish Willee --- files/en-us/web/privacy/index.md | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/files/en-us/web/privacy/index.md b/files/en-us/web/privacy/index.md index 69e1e8067720476..f7becb4b95bccbc 100644 --- a/files/en-us/web/privacy/index.md +++ b/files/en-us/web/privacy/index.md @@ -123,9 +123,9 @@ There are several web technologies and features at play to manage privacy and se Permissions Policy - Lets web developers selectively enable, disable, and modify the behavior - of certain features and APIs both for a document and for subdocuments - loaded in {{HTMLElement("iframe")}}s via the {{HTTPHeader("Permissions-Policy")}} HTTP header. The {{htmlattrxref("allow", "iframe")}} attribute can be used to set Permissions Policies on individual {{HTMLElement("iframe")}}s. + Lets web servers selectively enable or disable features and APIs, both for a document and for subdocuments + loaded in {{HTMLElement("iframe")}}s via the {{HTTPHeader("Permissions-Policy")}} HTTP header. + The {{htmlattrxref("allow", "iframe")}} attribute can be used to set Permissions Policies on individual {{HTMLElement("iframe")}}s. From 2845294b3fbf2e6e494b8068aed401434e10d728 Mon Sep 17 00:00:00 2001 From: Chris Mills Date: Tue, 6 Dec 2022 10:56:13 +0000 Subject: [PATCH 034/122] Update files/en-us/web/http/headers/permissions-policy/fullscreen/index.md Co-authored-by: Hamish Willee --- .../web/http/headers/permissions-policy/fullscreen/index.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md b/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md index 7dd13489175112d..a58f71ac0011a93 100644 --- a/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md +++ b/files/en-us/web/http/headers/permissions-policy/fullscreen/index.md @@ -46,7 +46,7 @@ Permissions-Policy: fullscreen=(self "https://example.com") ### With an \ ``` diff --git a/files/en-us/web/api/mediadevices/selectaudiooutput/index.md b/files/en-us/web/api/mediadevices/selectaudiooutput/index.md index ea1a9237bd8381e..82619131834420f 100644 --- a/files/en-us/web/api/mediadevices/selectaudiooutput/index.md +++ b/files/en-us/web/api/mediadevices/selectaudiooutput/index.md @@ -49,7 +49,7 @@ The object describes the user-selected audio output device. ### Exceptions - `NotAllowedError` {{domxref("DOMException")}} - - : Returned if the current page has not been granted the {{HTTPHeader("Permissions-Policy/speaker-selection","speaker-selection")}} permission or the user closed the selection prompt without choosing a device. + - : Returned if a `speaker-selection` [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) is used to block use of audio outputs (in addition the popup for selecting an audio output won't be displayed), or the user closed the selection prompt without choosing a device. - `NotFoundError` {{domxref("DOMException")}} - : Returned if there are no available audio output devices. - `InvalidStateError` {{domxref("DOMException")}} diff --git a/files/en-us/web/api/navigator/getbattery/index.md b/files/en-us/web/api/navigator/getbattery/index.md index 364be7221a46692..2063bf24c1f6fe4 100644 --- a/files/en-us/web/api/navigator/getbattery/index.md +++ b/files/en-us/web/api/navigator/getbattery/index.md @@ -43,17 +43,13 @@ information about the battery's state. This method doesn't throw true exceptions; instead, it rejects the returned promise, passing into it a {{domxref("DOMException")}} whose `name` is one of the following: -- `SecurityError` - - - : The User Agent does not expose battery information to insecure contexts and this method was called from insecure context. +- `NotAllowedError` {{domxref("DOMException")}} - > **Note:** Old versions of some User Agents might allow use of this feature in insecure contexts. + - : Use of this feature was blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). -- `NotAllowedError` +- `SecurityError` - - : No User Agent currently throws this exception, but the specification describes the following behaviors: - > This document is not allowed to use this feature. - > For example, it might not be explicitly allowed or restricted via {{HTTPHeader("Permissions-Policy")}} {{HTTPHeader("Permissions-Policy/battery", "battery")}} feature. + - : The User Agent does not expose battery information to insecure contexts and this method was called from an insecure context. ## Examples diff --git a/files/en-us/web/api/navigator/getgamepads/index.md b/files/en-us/web/api/navigator/getgamepads/index.md index 2a853cf1716ad2d..504911606ea3b99 100644 --- a/files/en-us/web/api/navigator/getgamepads/index.md +++ b/files/en-us/web/api/navigator/getgamepads/index.md @@ -20,8 +20,6 @@ The **`Navigator.getGamepads()`** method returns an array of Elements in the array may be `null` if a gamepad disconnects during a session, so that the remaining gamepads retain the same index. -Calls to this method will throw a `SecurityError` {{domxref('DOMException')}} if disallowed by the {{httpheader('Permissions-Policy/gamepad','gamepad')}} [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). - ## Syntax ```js-nolint @@ -36,6 +34,11 @@ None. An {{jsxref("Array")}} of {{domxref("Gamepad")}} objects, eventually empty. +### Exceptions + +- `SecurityError` {{domxref("DOMException")}} + - : Use of this feature was blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). + ## Examples ```js diff --git a/files/en-us/web/api/navigator/hid/index.md b/files/en-us/web/api/navigator/hid/index.md index a7bb274a3cc121a..238a26714c13ae0 100644 --- a/files/en-us/web/api/navigator/hid/index.md +++ b/files/en-us/web/api/navigator/hid/index.md @@ -20,6 +20,8 @@ read-only property returns an {{domxref("HID")}} object providing methods for connecting to HID devices, listing attached HID devices, and event handlers for connected HID devices. +Where a defined [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) blocks WebHID usage, the `Navigator.hid` property will not be available. + ## Value An {{domxref("HID")}} object. diff --git a/files/en-us/web/api/navigator/requestmediakeysystemaccess/index.md b/files/en-us/web/api/navigator/requestmediakeysystemaccess/index.md index 600580570514015..79b46455e635007 100644 --- a/files/en-us/web/api/navigator/requestmediakeysystemaccess/index.md +++ b/files/en-us/web/api/navigator/requestmediakeysystemaccess/index.md @@ -68,6 +68,8 @@ In case of an error, the returned {{jsxref('Promise')}} is rejected with a browser, or none of the configurations specified by `supportedConfigurations` can be satisfied (if, for example, none of the `codecs` specified in `contentType` are available). +- `SecurityError` {{domxref("DOMException")}} + - : Use of this feature was blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). - {{jsxref("TypeError")}}` - : Either `keySystem` is an empty string or the `supportedConfigurations` array is empty. diff --git a/files/en-us/web/api/navigator/requestmidiaccess/index.md b/files/en-us/web/api/navigator/requestmidiaccess/index.md index 67a892fb0a6c9e3..b1a3bfc64fbf0c8 100644 --- a/files/en-us/web/api/navigator/requestmidiaccess/index.md +++ b/files/en-us/web/api/navigator/requestmidiaccess/index.md @@ -44,13 +44,13 @@ A {{jsxref('Promise')}} that resolves with a [`MIDIAccess`](/en-US/docs/Web/API/ ### Exceptions - `AbortError` {{domxref("DOMException")}} - - : If the document or page is closed due to user navigation. + - : Thrown if the document or page is closed due to user navigation. - `InvalidStateError` {{domxref("DOMException")}} - - : If the underlying system raises any errors. + - : Thrown if the underlying system raises any errors. - `NotSupportedError` {{domxref("DOMException")}} - - : If the feature or options are not supported by the system. + - : Thrown if the feature or options are not supported by the system. - `SecurityError` {{domxref("DOMException")}} - - : If the user or system denies the application from creating a [MIDIAccess](/en-US/docs/Web/API/MIDIAccess) object with the requested options, or if the document is not allowed to use the feature (for example, an iframe without the correct [Permission Policy](/en-US/docs/Web/HTTP/Feature_Policy), or when the user has previously denied a permissions access to the feature). + - : Thrown if the user or system denies the application from creating a [MIDIAccess](/en-US/docs/Web/API/MIDIAccess) object with the requested options, or if the document is not allowed to use the feature (for example, because of a [Permission Policy](/en-US/docs/Web/HTTP/Feature_Policy), or because the user previously denied a permission request). ## Examples diff --git a/files/en-us/web/api/navigator/share/index.md b/files/en-us/web/api/navigator/share/index.md index b4f88ddae09993f..eb13a50bde07e1f 100644 --- a/files/en-us/web/api/navigator/share/index.md +++ b/files/en-us/web/api/navigator/share/index.md @@ -49,7 +49,7 @@ A {{jsxref("Promise")}} that resolves with `undefined`, or rejected with one of The {{jsxref("Promise")}} may be rejected with one of the following `DOMException` values: - `NotAllowedError` {{domxref("DOMException")}} - - : The [web-share](/en-US/docs/Web/HTTP/Headers/Permissions-Policy/web-share) permission has not been granted, or the window does not have {{Glossary("transient activation")}}, or a file share is being blocked due to security considerations. + - : A `web-share` [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) has been used to block the use of this feature, the window does not have {{Glossary("transient activation")}}, or a file share is being blocked due to security considerations. - {{jsxref("TypeError")}} - : The specified share data cannot be validated. Possible reasons include: diff --git a/files/en-us/web/api/orientationsensor/index.md b/files/en-us/web/api/orientationsensor/index.md index 295748f6d8051f0..874c9be79f8445b 100644 --- a/files/en-us/web/api/orientationsensor/index.md +++ b/files/en-us/web/api/orientationsensor/index.md @@ -19,7 +19,7 @@ browser-compat: api.OrientationSensor The **`OrientationSensor`** interface of the [Sensor APIs](/en-US/docs/Web/API/Sensor_APIs) is the base class for orientation sensors. This interface cannot be used directly. Instead it provides properties and methods accessed by interfaces that inherit from it. -If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. Our [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. +This feature may be blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) set on your server. {{InheritanceDiagram}} diff --git a/files/en-us/web/api/paymentrequest/paymentrequest/index.md b/files/en-us/web/api/paymentrequest/paymentrequest/index.md index ab1ea0e56c5d41c..18f2866b38ed6ae 100644 --- a/files/en-us/web/api/paymentrequest/paymentrequest/index.md +++ b/files/en-us/web/api/paymentrequest/paymentrequest/index.md @@ -114,6 +114,11 @@ new PaymentRequest(methodData, details, options) A new {{domxref("PaymentRequest")}} object, configured for use as configured by the input parameters. +### Exceptions + +- `SecurityError` {{domxref("DOMException")}} + - : Use of this feature was blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). + ## Examples The following example shows minimal functionality and focuses instead on showing the diff --git a/files/en-us/web/api/relativeorientationsensor/index.md b/files/en-us/web/api/relativeorientationsensor/index.md index 1968353b10bc402..eff0e16234ff820 100644 --- a/files/en-us/web/api/relativeorientationsensor/index.md +++ b/files/en-us/web/api/relativeorientationsensor/index.md @@ -20,9 +20,7 @@ browser-compat: api.RelativeOrientationSensor The **`RelativeOrientationSensor`** interface of the [Sensor APIs](/en-US/docs/Web/API/Sensor_APIs) describes the device's physical orientation without regard to the Earth's reference coordinate system. -To use this sensor, the user must grant permission to the `'accelerometer'`, and `'gyroscope'` device sensors through the [Permissions API](/en-US/docs/Web/API/Permissions_API). - -If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. Our [Permissions_Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. +To use this sensor, the user must grant permission to the `'accelerometer'`, and `'gyroscope'` device sensors through the [Permissions API](/en-US/docs/Web/API/Permissions_API). In addition, this feature may be blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) set on your server. {{InheritanceDiagram}} diff --git a/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md b/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md index 720c2453281741a..4f3054d9ace5a88 100644 --- a/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md +++ b/files/en-us/web/api/relativeorientationsensor/relativeorientationsensor/index.md @@ -45,6 +45,11 @@ new RelativeOrientationSensor(options) - : Either `'device'` or `'screen'`. The default is `'device'`. +### Exceptions + +- `SecurityError` {{domxref("DOMException")}} + - : Use of this feature was blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). + ## Specifications {{Specifications}} diff --git a/files/en-us/web/api/screen_capture_api/index.md b/files/en-us/web/api/screen_capture_api/index.md index aa87750d65bf24a..492bd6b3e90bb7a 100644 --- a/files/en-us/web/api/screen_capture_api/index.md +++ b/files/en-us/web/api/screen_capture_api/index.md @@ -90,7 +90,7 @@ The following dictionaries are defined by the Screen Capture API. ``` -The default allow list is `self`, which lets any content within the same origin use Screen Capture. +The default allowlist is `self`, which lets any content within the same origin use Screen Capture. ## Specifications diff --git a/files/en-us/web/api/screen_wake_lock_api/index.md b/files/en-us/web/api/screen_wake_lock_api/index.md index b36473320fe025d..bee3a40db3caf31 100644 --- a/files/en-us/web/api/screen_wake_lock_api/index.md +++ b/files/en-us/web/api/screen_wake_lock_api/index.md @@ -124,6 +124,8 @@ You can find the [complete code on GitHub here](https://github.com/mdn/dom-examp Access to the Screen Wake Lock API is controlled by the [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) directive {{HTTPHeader("Permissions-Policy/screen-wake-lock","screen-wake-lock")}}. +The default allowlist for `screen-wake-lock` is `self`. + ## Specifications {{Specifications}} diff --git a/files/en-us/web/api/sensor/index.md b/files/en-us/web/api/sensor/index.md index bdf9a04c64ac869..9d4b49f4c1f7e6c 100644 --- a/files/en-us/web/api/sensor/index.md +++ b/files/en-us/web/api/sensor/index.md @@ -17,7 +17,7 @@ browser-compat: api.Sensor The **`Sensor`** interface of the [Sensor APIs](/en-US/docs/Web/API/Sensor_APIs) is the base class for all the other sensor interfaces. This interface cannot be used directly. Instead it provides properties, event handlers, and methods accessed by interfaces that inherit from it. -If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. Our [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. +This feature may be blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) set on your server. {{InheritanceDiagram}} diff --git a/files/en-us/web/api/sensor_apis/index.md b/files/en-us/web/api/sensor_apis/index.md index 24ae97105258b3a..4e29d75f427f32a 100644 --- a/files/en-us/web/api/sensor_apis/index.md +++ b/files/en-us/web/api/sensor_apis/index.md @@ -55,7 +55,7 @@ As stated in Feature Detection, checking for a particular sensor API is insuffic The code example below illustrates these principles. The {{jsxref('statements/try...catch', 'try...catch')}} block catches errors thrown during sensor instantiation. It listens for {{domxref('Sensor.error_event', 'error')}} events to catch errors thrown during use. The only time anything is shown to the user is when [permissions](/en-US/docs/Web/API/Permissions_API) need to be requested and when the sensor type isn't supported by the device. -> **Note:** If a Permissions Policy blocks use of a feature it is because your code is inconsistent with the policies set on your server. This is not something that would ever be shown to a user. Our [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) article contains implementation instructions. +In addition, this feature may be blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) set on your server. ```js let accelerometer = null; diff --git a/files/en-us/web/api/serial/getports/index.md b/files/en-us/web/api/serial/getports/index.md index 922d8b43ab140f8..329561b24075161 100644 --- a/files/en-us/web/api/serial/getports/index.md +++ b/files/en-us/web/api/serial/getports/index.md @@ -33,7 +33,7 @@ A {{jsxref("Promise")}} that resolves with an array of {{domxref("SerialPort")}} ### Exceptions - `SecurityError` {{domxref("DOMException")}} - - : The returned `Promise` rejects with this error if a [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) restricts use of this API or a permission to use it has not granted via a user gesture. + - : The returned `Promise` rejects with this error if a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) blocks the use of this feature or a user permission prompt was denied. ## Examples diff --git a/files/en-us/web/api/serial/requestport/index.md b/files/en-us/web/api/serial/requestport/index.md index 0abf2e2d5e10882..eb027002a62e319 100644 --- a/files/en-us/web/api/serial/requestport/index.md +++ b/files/en-us/web/api/serial/requestport/index.md @@ -45,7 +45,7 @@ A {{jsxref("Promise")}} that resolves with an instance of {{domxref("SerialPort" ### Exceptions - `SecurityError` {{domxref("DOMException")}} - - : The returned `Promise` rejects with this error if a [Feature Policy](/en-US/docs/Web/HTTP/Feature_Policy) restricts use of this API or a permission to use it has not granted via a user gesture. + - : The returned `Promise` rejects with this error if a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) blocks the use of this feature or a user permission prompt was denied. - `AbortError` {{domxref("DOMException")}} - : The returned `Promise` rejects with this if the user does not select a port when prompted. diff --git a/files/en-us/web/api/wakelock/request/index.md b/files/en-us/web/api/wakelock/request/index.md index 99fab844c244cf9..cf7fd58c2fd169d 100644 --- a/files/en-us/web/api/wakelock/request/index.md +++ b/files/en-us/web/api/wakelock/request/index.md @@ -45,11 +45,10 @@ A {{jsxref("Promise")}} that resolves with a {{domxref("WakeLockSentinel")}} obj - : Thrown when wake lock is not available, which can happen because: - - Document is not allowed to use screen wake lock due to screen-wake-lock - policy. - - Document is not fully active. - - Document is hidden. - - {{Glossary("User Agent")}} could not acquire platform's wake lock. + - Use of this feature is blocked by a [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). + - The document is not fully active. + - The document is hidden. + - The {{Glossary("User Agent")}} could not acquire platform's wake lock. ## Examples diff --git a/files/en-us/web/api/webxr_device_api/permissions_and_security/index.md b/files/en-us/web/api/webxr_device_api/permissions_and_security/index.md index ae028ec8741b272..86c19f785d65f4b 100644 --- a/files/en-us/web/api/webxr_device_api/permissions_and_security/index.md +++ b/files/en-us/web/api/webxr_device_api/permissions_and_security/index.md @@ -6,13 +6,13 @@ page-type: guide {{DefaultAPISidebar("WebXR Device API")}} -The [WebXR Device API](/en-US/docs/Web/API/WebXR_Device_API) has several areas of security to contend with, from establishing feature-policy to ensuring the user intends to use the mixed reality presentation before activating it. Among other things, you need to confirm access to device features such as the microphone and/or camera, get permission to use immersive VR mode (if applicable), and so forth. The variety of hardware and software involved in XR brings multiple APIs and technologies into play. In this guide, we'll cover how to ensure your app has the permissions it needs to provide a secure and private XR experience. +The [WebXR Device API](/en-US/docs/Web/API/WebXR_Device_API) has several areas of security to contend with, from establishing [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy) to ensuring the user intends to use the mixed reality presentation before activating it. Among other things, you need to confirm access to device features such as the microphone and/or camera, get permission to use immersive VR mode (if applicable), and so forth. The variety of hardware and software involved in XR brings multiple APIs and technologies into play. In this guide, we'll cover how to ensure your app has the permissions it needs to provide a secure and private XR experience. The WebXR Device API is subject to a number of permission and security controls. While not onerous, they are worth being aware of. These mostly revolve around the fully-immersive `immersive-vr` session mode, but there are things to be aware of when setting up an AR session, as well. ## Immersive presentation of VR -First, any requests to activate the `immersive-vr` mode are rejected if the domain issuing the request does not have permission to enable an immersive session. This permission comes from the `xr-spatial-tracking` [feature policy](/en-US/docs/Web/HTTP/Feature_Policy). +First, any requests to activate the `immersive-vr` mode are rejected if the domain issuing the request does not have permission to enable an immersive session. This permission comes from the `xr-spatial-tracking` [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). Once that check is passed, the request to enter `immersive-vr` mode is allowed if all of the following are true: diff --git a/files/en-us/web/api/xrsystem/devicechange_event/index.md b/files/en-us/web/api/xrsystem/devicechange_event/index.md index 158f81633e0b111..c8e4d4c06e2875e 100644 --- a/files/en-us/web/api/xrsystem/devicechange_event/index.md +++ b/files/en-us/web/api/xrsystem/devicechange_event/index.md @@ -33,6 +33,8 @@ addEventListener('devicechange', (event) => { }) ondevicechange = (event) => { } ``` +If the use of WebXR has been blocked by an `xr-spatial-tracking` [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy), `devicechange` events will not fire. + ## Event type A generic {{DOMxRef("Event")}} with no added properties. diff --git a/files/en-us/web/api/xrsystem/issessionsupported/index.md b/files/en-us/web/api/xrsystem/issessionsupported/index.md index 9c6b3cb3d058569..dbe2feeea473723 100644 --- a/files/en-us/web/api/xrsystem/issessionsupported/index.md +++ b/files/en-us/web/api/xrsystem/issessionsupported/index.md @@ -58,8 +58,7 @@ returned promise, passing to the rejection handler a {{domxref("DOMException")}} `name` is one of the following strings. - `SecurityError` - - : The document's origin does not have permission to use the - `xr-spatial-tracking` [feature policy](/en-US/docs/Web/HTTP/Feature_Policy). + - : Use of this feature is blocked by an `xr-spatial-tracking` [Permissions Policy](/en-US/docs/Web/HTTP/Permissions_Policy). ## Examples diff --git a/files/en-us/web/api/xrsystem/requestsession/index.md b/files/en-us/web/api/xrsystem/requestsession/index.md index 732c57cfeb22037..e8e02af6ed211fa 100644 --- a/files/en-us/web/api/xrsystem/requestsession/index.md +++ b/files/en-us/web/api/xrsystem/requestsession/index.md @@ -85,8 +85,7 @@ following: specified `sessionMode`; this can also be thrown if any of the _required_ options are unsupported. - `SecurityError` {{domxref("DOMException")}} - - : Returned if permission to enter the specified XR mode is denied. This can happen for a number - of reasons, which are covered in more detail in [Permissions and security](/en-US/docs/Web/API/WebXR_Device_API/Permissions_and_security). + - : Returned if permission to enter the specified XR mode is denied. This can happen for several reasons, which are covered in more detail in [Permissions and security](/en-US/docs/Web/API/WebXR_Device_API/Permissions_and_security). ## Session features diff --git a/files/en-us/web/html/global_attributes/nonce/index.md b/files/en-us/web/html/global_attributes/nonce/index.md index a49bb95b0a3a41d..6ae4141e75a4c61 100644 --- a/files/en-us/web/html/global_attributes/nonce/index.md +++ b/files/en-us/web/html/global_attributes/nonce/index.md @@ -17,17 +17,17 @@ be allowed to proceed for a given element. ## Description -The `nonce` attribute is useful to allow-list specific elements, such as a particular inline script or style elements. -It can help you to avoid using the [CSP](/en-US/docs/Web/HTTP/CSP) `unsafe-inline` directive, which would allow-list _all_ inline scripts or styles. +The `nonce` attribute is useful to allowlist specific elements, such as a particular inline script or style elements. +It can help you to avoid using the [CSP](/en-US/docs/Web/HTTP/CSP) `unsafe-inline` directive, which would allowlist _all_ inline scripts or styles. > **Note:** Only use `nonce` for cases where you have no way around using unsafe inline script > or style contents. If you don't need `nonce`, don't use it. If your script is static, you could also use a CSP hash instead. > (See usage notes on [unsafe inline script](/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/script-src#unsafe_inline_script).) > Always try to take full advantage of [CSP](/en-US/docs/Web/HTTP/CSP) protections and avoid nonces or unsafe inline scripts whenever possible. -### Using nonce to allow-list a \