Permissions-Policy: otp-credentials
Limited availability
This feature is not Baseline because it does not work in some of the most widely-used browsers.
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy
header otp-credentials
directive controls whether the current document is allowed to use the WebOTP API to request a one-time password (OTP) from a specially-formatted SMS message sent by the app's server, i.e., via navigator.credentials.get({otp: ..., ...})
.
Specifically, where a defined policy blocks the use of this feature, the Promise
returned by navigator.credentials.get({otp})
will reject with a SecurityError
DOMException
.
Syntax
Permissions-Policy: otp-credentials=<allowlist>;
<allowlist>
-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy
> Syntax for more details.
Default policy
The default allowlist for otp-credentials
is self
.
Specifications
Specification |
---|
WebOTP API # sctn-permissions-policy |
Browser compatibility
BCD tables only load in the browser
See also
Permissions-Policy
header- Permissions Policy
- WebOTP API
OTPCredential
interface