Permissions-Policy: publickey-credentials-create

Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.

The HTTP Permissions-Policy header publickey-credentials-create directive controls whether the current document is allowed to use the Web Authentication API to create new WebAuthn credentials, i.e., via navigator.credentials.create({publicKey}).

Specifically, where a defined policy blocks use of this feature, the Promise returned by navigator.credentials.create({publicKey}) will reject with a NotAllowedError DOMException. If the method is called cross-origin, the Promise will also reject with a NotAllowedError if the feature is granted by allow= on an iframe and the frame does not also have Transient activation.

Syntax

http
Permissions-Policy: publickey-credentials-create=<allowlist>;
<allowlist>

A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for publickey-credentials-create is self.

Specifications

Specification
Web Authentication: An API for accessing Public Key Credentials - Level 3
# sctn-permissions-policy

Browser compatibility

Report problems with this compatibility data on GitHub
desktopmobile
Chrome
Edge
Firefox
Opera
Safari
Chrome Android
Firefox for Android
Opera Android
Safari on iOS
Samsung Internet
WebView Android
WebView on iOS
publickey-credentials-create
Experimental

Legend

Tip: you can click/tap on a cell for more information.

Full support
Full support
No support
No support
Experimental. Expect behavior to change in the future.

See also