I try to set up the permissions policy header for the websites I managed.
Here's the header retrieved from the network tab of my Firefox browser:
permissions-policy: accelerometer=(), ambient-light-sensor=(), autoplay=(self), battery=(), camera=(), display-capture=(), document-domain=(self), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(), legacy-image-formats=(), magnetometer=(), microphone=(), midi=(), oversized-images=(), payment=(), picture-in-picture=("https://video.website.org"), publickey-credentials-get=(), screen-wake-lock=(), speaker-selection=(), unoptimized-images=(), unsized-media=(), sync-xhr=(), usb=()
When I browse this website I'm able to do everything what should be allowed for.
But I don't know if my rules are taken into account? I have no parsing error in my console log (only comments that some features are not recognized in Chrome). If I go in my google Chrome (Version 103.0.5060.134 (Official Build) (64-bit)) settings (... > Privacy and security > Sites settings) or in my Firefox (103.0 (64-bit)) settings (3_, Privacy and Security > Permissions) I can't see any rules related to my header: it's like they are ignored.
My questions are:
- should the Permissions policy header be visible in the browser configuration?
- If yes, why my rules are not visible in my browsers? Are they not well parsed? I don't have any console error
- If no, how can we check that our Permission policy header is well applied in Firefox and Chrome?
Thanks in advance for your help
Mat
