@httpland/permissions-policy-middleware v1.0.0
permissions-policy-middleware
HTTP permissions policy middleware.
Compliant with W3C, Permissions Policy.
Middleware
For a definition of Universal HTTP middleware, see the http-middleware project.
Usage
Middleware adds the Permissions-Policy header to the response.
import {
type Handler,
permissionsPolicy,
} from "https://deno.land/x/permissions_policy_middleware@$VERSION/mod.ts";
import { assert } from "https://deno.land/std/testing/asserts.ts";
declare const request: Request;
declare const handler: Handler;
const middleware = permissionsPolicy({ autoplay: "*", usb: [] });
const response = await middleware(request, handler);
assert(response.headers.has("permissions-policy"));yield:
Permissions-Policy: autoplay=*, usb=()Features
Policy controlled feature name and value mapping.
This is a required argument.
All policy controlled features are supported.
The following values can be specified for policy value.
*self- URL origin string
- Zero or more of the above items.
import {
permissionsPolicy,
} from "https://deno.land/x/permissions_policy_middleware@$VERSION/middleware.ts";
const middleware = permissionsPolicy({
camera: "*",
payment: [],
pictureInPicture: ["self", "https://test.example"],
});yield:
Permissions-Policy: camera=*, payment=(), picture-in-picture=(self "https://test.example")Options
The following options can be specified for the middleware factory:
| Name | Type | Description |
|---|---|---|
| reportTo | string | Representation of report-to directive. |
| reportOnly | boolean | Whether header is report-only or not. |
Report to
Specify the report-to directive for the Reporting API.
import {
permissionsPolicy,
} from "https://deno.land/x/permissions_policy_middleware@$VERSION/middleware.ts";
const middleware = permissionsPolicy({}, {
reportTo: "default",
});yield:
Permissions-Policy: report-to=defaultReport only
The header field changes depending on the value of reportOnly.
| Value | Header field |
|---|---|
true | Permissions-Policy-Report-Only |
false | Permissions-Policy |
The default reportOnly is false.
import {
type Handler,
permissionsPolicy,
} from "https://deno.land/x/permissions_policy_middleware@$VERSION/mod.ts";
import { assert } from "https://deno.land/std/testing/asserts.ts";
declare const request: Request;
declare const handler: Handler;
const middleware = permissionsPolicy({}, { reportOnly: true });
const response = await middleware(request, handler);
assert(response.headers.has("permissions-policy-report-only"));Serialization
features and reportTo will serialize into
structured field value.
All feature name will convert to kebab-case.
If the feature value is other than * and self, it is assumed to be an ASCII
origin.
import {
permissionsPolicy,
} from "https://deno.land/x/permissions_policy_middleware@$VERSION/middleware.ts";
const middleware = permissionsPolicy({
geolocation: "https://text.example/geolocation",
});yield:
Permissions-Policy: geolocation=https://text.exampleSerialization error
If serialization fails, an error may be thrown.
Cases that throw an error are as follows:
import { permissionsPolicy } from "https://deno.land/x/permissions_policy_middleware@$VERSION/middleware.ts";
import { assertThrows } from "https://deno.land/std/testing/asserts.ts";
assertThrows(() => permissionsPolicy({ battery: "<invalid:origin>" }));
assertThrows(() => permissionsPolicy({}, { reportTo: "<invalid:sf-token>" }));Effects
Middleware may make changes to the following elements of the HTTP message.
- HTTP Headers
- Permissions-Policy
- Permissions-Policy-Report-Only
Conditions
Middleware will execute if all of the following conditions are met:
Depends on reportOnly:
Permissions-Policyheader does not exist in responsePermissions-Policy-Report-Onlyheader does not exist in response
API
All APIs can be found in the deno doc.
License
Copyright © 2023-present httpland.
Released under the MIT license