Permissions-Policy: publickey-credentials-create
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy
header publickey-credentials-create
directive controls whether the current document is allowed to use the Web Authentication API to create new WebAuthn credentials, i.e., via navigator.credentials.create({publicKey})
.
Specifically, where a defined policy blocks use of this feature, the Promise
returned by navigator.credentials.create({publicKey})
will reject with a NotAllowedError
DOMException
.
If the method is called cross-origin, the Promise
will also reject with a NotAllowedError
if the feature is granted by allow=
on an iframe and the frame does not also have Transient activation.
Syntax
Permissions-Policy: publickey-credentials-create=<allowlist>;
<allowlist>
-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy
> Syntax for more details.
Default policy
The default allowlist for publickey-credentials-create
is self
.
Specifications
Specification |
---|
Web Authentication: An API for accessing Public Key Credentials - Level 3 # sctn-permissions-policy |
Browser compatibility
BCD tables only load in the browser
See also
Permissions-Policy
header- Permissions Policy
- Web Authentication API
PublicKeyCredential
interface