Permissions Policy
Enabled Decide what API's the site can access.
Permissions Policy provides mechanisms for web developers to explicitly declare what functionality can and cannot be used on a web site. You define a set of "policies" that restrict what APIs the site's code can access or modify the browser's default behavior for certain features.
ℹ Read more about this header here.
Usage
This header is enabled by default but you can change its behavior like following.
export default defineNuxtConfig({ // Global security: { headers: { permissionsPolicy: <OPTIONS>, }, }, // Per route routeRules: { '/custom-route': { headers: { 'Permissions-Policy': <OPTIONS> }, } }})
You can also disable this header by permissionsPolicy: false
.
Default value
By default, Nuxt Security will set following value for this header.
Permissions-Policy: camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=();
Available values
The permissionsPolicy
header can be configured with following values.
permissionsPolicy: { 'camera'?: string[]; 'display-capture'?: string[]; 'fullscreen'?: string[]; 'geolocation'?: string[]; 'microphone'?: string[]; 'web-share'?: string[];} | false
And several 🧪 Experimental API's
.
type PermissionsPolicyValue = { 'accelerometer'?: string[]; 'ambient-light-sensor'?: string[]; 'autoplay'?: string[]; 'battery'?: string[]; 'document-domain'?: string[]; 'encrypted-media'?: string[]; 'execution-while-not-rendered'?: string[]; 'execution-while-out-of-viewport'?: string[]; 'gamepad'?: string[]; 'gyroscope'?: string[]; 'hid'?: string[]; 'idle-detection'?: string[]; 'local-fonts'?: string[]; 'magnetometer'?: string[]; 'midi'?: string[]; 'payment'?: string[]; 'picture-in-picture'?: string[]; 'publickey-credentials-get'?: string[]; 'screen-wake-lock'?: string[]; 'serial'?: string[]; 'speaker-selection'?: string[]; 'usb'?: string[]; 'xr-spatial-tracking'?: string[];}
ℹ Read more about all available API's here.
Table of Contents