Module: ActionController::FeaturePolicy

Extended by:

ActiveSupport::Concern

Defined in:

actionpack/lib/action_controller/metal/feature_policy.rb

Overview

HTTP Feature Policy is a web standard for defining a mechanism to allow and deny the use of browser features in its own context, and in content within any <iframe> elements in the document.

Full details of HTTP Feature Policy specification and guidelines can be found at MDN:

developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy

Examples of usage:

# Global policy
Rails.application.config.feature_policy do |f|
  f.camera      :none
  f.gyroscope   :none
  f.microphone  :none
  f.usb         :none
  f.fullscreen  :self
  f.payment     :self, "https://secure.example.com"
end

# Controller level policy
class PagesController < ApplicationController
  feature_policy do |p|
    p.geolocation "https://example.com"
  end
end

Defined Under Namespace

Modules: ClassMethods

Method Summary

Methods included from ActiveSupport::Concern

append_features, class_methods, extended, included