Permissions Policy

Decide which APIs the site can access.


Permissions Policy provides mechanisms for web developers to explicitly declare what functionality can and cannot be used on a web site. You define a set of "policies" that restrict what APIs the site's code can access or modify the browser's default behavior for certain features.

ℹ Read more about this header here.

Usage

This header is enabled by default, but you can change its behavior as follows.

export default defineNuxtConfig({
  // Global
  security: {
    headers: {
      permissionsPolicy: <OPTIONS>,
    },
  },
  // Per route
  routeRules: {
    '/custom-route': {
      headers: {
        'Permissions-Policy': <OPTIONS>
      },
    }
  }
})

You can also disable this header by setting permissionsPolicy: false. To disable a specific API completely, set its value to an empty array:

export default defineNuxtConfig({
  security: {
    headers: {
      permissionsPolicy: {
        'camera': [] // This will block usage of camera by this website
      },
    },
  },
})

Default value

By default, Nuxt Security sets the following value for this header.

Permissions-Policy: camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=();
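A check that can be run against a captured response header to confirm that the features blocked by the default value above are still blocked after the policy has been customized. This is an added example, not code from Nuxt Security; the function names and the loosened sample header are constructed for illustration, and the parser assumes no commas appear inside quoted origins.

```javascript
// Added example (not Nuxt Security code): audit a Permissions-Policy header value.

// Default value shown on this page, copied with its trailing ';'.
const DEFAULT_HEADER =
  'camera=(), display-capture=(), fullscreen=(), geolocation=(), microphone=();';
// Features that the default value blocks.
const BLOCKED_BY_DEFAULT =
  ['camera', 'display-capture', 'fullscreen', 'geolocation', 'microphone'];
// Constructed sample of a loosened policy (not from the page).
const LOOSENED_HEADER =
  'camera=(self), display-capture=(), fullscreen=*, microphone=()';

// Parse a header value into a Map of feature -> allowlist tokens.
// Simplification (assumption): no commas inside quoted origins.
function parsePermissionsPolicy(headerValue) {
  const policy = new Map();
  for (const raw of headerValue.split(',')) {
    const member = raw.trim().replace(/;+$/, ''); // tolerate a trailing ';'
    const eq = member.indexOf('=');
    if (eq < 1) continue; // skip anything that is not feature=allowlist
    const feature = member.slice(0, eq).trim().toLowerCase();
    const value = member.slice(eq + 1).trim();
    const inner = value.startsWith('(') && value.endsWith(')')
      ? value.slice(1, -1)
      : value; // bare forms such as * or self
    policy.set(feature, inner.split(/\s+/).filter(Boolean));
  }
  return policy;
}

// Return one finding per feature in mustBlock that is not fully blocked.
function auditBlockedFeatures(headerValue, mustBlock) {
  const policy = parsePermissionsPolicy(headerValue);
  const findings = [];
  for (const feature of mustBlock) {
    const allowlist = policy.get(feature);
    if (allowlist === undefined) {
      findings.push(`${feature}: not set, the browser's default allowlist applies`);
    } else if (allowlist.length > 0) {
      findings.push(`${feature}: allowed for ${allowlist.join(' ')}`);
    }
  }
  return findings;
}

console.log(auditBlockedFeatures(DEFAULT_HEADER, BLOCKED_BY_DEFAULT));
console.log(auditBlockedFeatures(LOOSENED_HEADER, BLOCKED_BY_DEFAULT));
```

An empty result means every listed feature has an empty allowlist; a feature that is missing from the header is reported because the browser then falls back to that feature's own default.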

Available values

The permissionsPolicy header can be configured with the following values.

permissionsPolicy: {
  'camera'?: string[];
  'display-capture'?: string[];
  'fullscreen'?: string[];
  'geolocation'?: string[];
  'microphone'?: string[];
  'web-share'?: string[];
} | false

There are also several 🧪 experimental APIs.

type PermissionsPolicyValue = {
  'accelerometer'?: string[];
  'ambient-light-sensor'?: string[];
  'autoplay'?: string[];
  'battery'?: string[];
  'document-domain'?: string[];
  'encrypted-media'?: string[];
  'execution-while-not-rendered'?: string[];
  'execution-while-out-of-viewport'?: string[];
  'gamepad'?: string[];
  'gyroscope'?: string[];
  'hid'?: string[];
  'idle-detection'?: string[];
  'local-fonts'?: string[];
  'magnetometer'?: string[];
  'midi'?: string[];
  'payment'?: string[];
  'picture-in-picture'?: string[];
  'publickey-credentials-get'?: string[];
  'screen-wake-lock'?: string[];
  'serial'?: string[];
  'speaker-selection'?: string[];
  'usb'?: string[];
  'xr-spatial-tracking'?: string[];
}
ℹ Read more about all available APIs here.