权限策略:蓝牙
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy
header bluetooth
directive controls whether the current document is allowed to use the Web Bluetooth API.
Specifically, where a defined policy disallows use of this feature, the methods of the Bluetooth
object returned by Navigator.bluetooth
, will block access
Bluetooth.getAvailability()
will always fulfill its returnedPromise
with a value offalse
.Bluetooth.getDevices()
will reject its returnedPromise
with aSecurityError
DOMException
.Bluetooth.requestDevice()
will reject its returnedPromise
with aSecurityError
DOMException
.
语法
Permissions-Policy: bluetooth=<allowlist>;
<allowlist>
-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy
> Syntax for more details.
默认策略
The default allowlist for bluetooth
is self
.
示例
General example
SecureCorp Inc. wants to disable the Web Bluetooth API within all browsing contexts except for its own origin and those whose origin is https://example.com
. It can do so by delivering the following HTTP response header to define a Permissions Policy
Permissions-Policy: bluetooth=(self "https://example.com")
With an <iframe> element
FastCorp Inc. wants to disable bluetooth
for all cross-origin child frames, except for a specific <iframe>
. It can do so by delivering the following HTTP response header to define a Permissions Policy
Permissions-Policy: bluetooth=(self https://other.com/blue)
Then include an allow attribute on the <iframe>
element
<iframe src="https://other.com/blue" allow="bluetooth"></iframe>
<iframe>
attributes can selectively enable features in certain frames, and not in others, even if those frames contain documents from the same origin.
规范
Specification |
---|
Web Bluetooth # permissions-policy |
浏览器兼容性
BCD tables only load in the browser
另请参阅
Permissions-Policy
header- 权限策略