This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The Permissions.revoke() method of the Permissions interface reverts a currently set permission back to its default state, which is usually prompt.


This method is called on the global Permissions object navigator.permissions.

var revokePromise = navigator.permissions.revoke(descriptor);


An object based on the PermissionDescriptor dictionary that sets options for the operation consisting of a comma-separated list of name-value pairs. The available options are:
  • name: The name of the API whose permissions you want to query. Valid values are 'geolocation', 'midi', 'notifications', and 'push'.
  • userVisibleOnly: (Push only, not supported in Firefox — see the Browser compatibility section below) Indicates whether you want to show a notification for every message or be able to send silent push notifications. The default is false.
  • sysex: (MIDI only) Indicates whether you need and/or receive system exclusive messages. The default is false.

Note: As of Firefox 44, the permissions for Notifications and Push have been merged. If permission is granted (e.g. by the user, in the relevant permissions dialog), navigator.permissions.query() will return true for both notifications and push.

Note: The persistent-storage permission allows an origin to use a persistent box (i.e persistent storage) for its storage, as per the Storage API.


A Promise that calls its fulfillment handler with a PermissionStatus object indicating the result of the request.


Retrieving the PermissionDescriptor information failed in some way, or the permission doesn't exist or is currently unsupported (e.g. midi, or push with userVisibleOnly).


This function can be used by an app to request that its own Geolocation API permission be revoked.

function revokePermission() {
  navigator.permissions.revoke({name:'geolocation'}).then(function(result) {


Specification Status Comment
The definition of 'revoke()' in that specification.
Working Draft Initial definition.

Browser compatibility

We're converting our compatibility data into a machine-readable JSON format. This compatibility table still uses the old format, because we haven't yet converted the data it contains. Find out how you can help!

Feature Chrome Firefox (Gecko) Internet Explorer Opera Safari (WebKit)
Basic support ? 47 (47)
49 (49)[1]
51 (51)[2]
? ? ?
persistent-storage ? 53 (53) ? ? ?
Feature Android Android Webview Firefox Mobile (Gecko) IE Phone Opera Mobile Safari Mobile Chrome for Android
Basic support No support ? 47.0 (47)
49.0 (49)[1]
51.0 (51)[2]
? ? ? 43.0
persistent-storage No support ? 53.0 (53) ? ? ? ?

[1] As of version 49, Firefox no longer supports the 'push' PermissionDescriptor dictionary type (referred to in the spec as PushPermissionDescriptor); this is because Firefox relies on a quota system for controlling the userVisibleOnly status instead, and was throwing an error when it encountered a PushPermissionDescriptor instance. With this dictionary removed, Firefox now simply ignores it.

[2] Starting in Firefox 51, this method is only available if the preference dom.permissions.revoke.enable is true. It is false by default. This was done because there are discussions ongoing about the design of this method, and even whether it should exist at all. Because of the sensitive nature of its function, Mozilla decided to disable it by default. See bug 1295877, comment 0 for details.

Document Tags and Contributors

Contributors to this page: chrisdavidmills, Sheppy, marco-c
Last updated by: chrisdavidmills,