如何在 JS 中设置特性策略 headers
How to set feature policy headers in JS
我在我的站点上的控制台中收到以下错误:
Error with Feature-Policy header: Unrecognized feature: 'unsized-media'.
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
Error with Feature-Policy header: Unrecognized feature: 'vr'.
我是一名前端 Web 开发人员,所以我尝试按照此处所述在 JS 中进行设置 https://developers.google.com/web/updates/2018/06/feature-policy#js,而不会弄乱我的服务器配置。
console.log(document.featurePolicy.allowedFeatures());
结果:
["geolocation", "midi", "ch-ect", "usb", "magnetometer", "picture-in-picture", "publickey-credentials-get", "accelerometer", "ch-lang", "document-domain", "encrypted-media", "ch-downlink", "ch-ua-arch", "xr-spatial-tracking", "ch-ua-platform-version", "ch-width", "ch-ua-model", "sync-xhr", "camera", "ch-viewport-width", "payment", "ch-rtt", "ch-ua-full-version", "fullscreen", "autoplay", "ch-dpr", "ch-ua-platform", "screen-wake-lock", "gyroscope", "ch-ua-mobile", "ch-device-memory", "ch-ua", "microphone"]
还有
document.featurePolicy.allowsFeature('unsized-media', 'self');
结果:
Invalid origin url for feature 'unsized-media': self.
你不能。
功能策略由服务器设置(通过 Feature-Policy 或 Permissions-Policy headers)并控制允许 JavaScript 执行的操作。
如果 JavaScript 可以授予自己做任何它喜欢做的事情的权限,那将毫无意义。
我在我的站点上的控制台中收到以下错误:
Error with Feature-Policy header: Unrecognized feature: 'unsized-media'.
Error with Feature-Policy header: Unrecognized feature: 'ambient-light-sensor'.
Error with Feature-Policy header: Unrecognized feature: 'speaker'.
Error with Feature-Policy header: Unrecognized feature: 'vr'.
我是一名前端 Web 开发人员,所以我尝试按照此处所述在 JS 中进行设置 https://developers.google.com/web/updates/2018/06/feature-policy#js,而不会弄乱我的服务器配置。
console.log(document.featurePolicy.allowedFeatures());
结果:
["geolocation", "midi", "ch-ect", "usb", "magnetometer", "picture-in-picture", "publickey-credentials-get", "accelerometer", "ch-lang", "document-domain", "encrypted-media", "ch-downlink", "ch-ua-arch", "xr-spatial-tracking", "ch-ua-platform-version", "ch-width", "ch-ua-model", "sync-xhr", "camera", "ch-viewport-width", "payment", "ch-rtt", "ch-ua-full-version", "fullscreen", "autoplay", "ch-dpr", "ch-ua-platform", "screen-wake-lock", "gyroscope", "ch-ua-mobile", "ch-device-memory", "ch-ua", "microphone"]
还有
document.featurePolicy.allowsFeature('unsized-media', 'self');
结果:
Invalid origin url for feature 'unsized-media': self.
你不能。
功能策略由服务器设置(通过 Feature-Policy 或 Permissions-Policy headers)并控制允许 JavaScript 执行的操作。
如果 JavaScript 可以授予自己做任何它喜欢做的事情的权限,那将毫无意义。