Permissions-Policy: payment
Experimental: This is an experimental technology
Check the Browser compatibility table carefully before using this in production.
The HTTP Permissions-Policy header field's payment directive controls whether the current document is allowed to use the Payment Request API.
Specifically, where a defined policy blocks use of this feature, PaymentRequest() constructor calls will throw a DOMException of type SecurityError.
Syntax
http
Permissions-Policy: payment=<allowlist>;
<allowlist>-
A list of origins for which permission is granted to use the feature. See
Permissions-Policy> Syntax for more details.
Default policy
The default allowlist for payment is self.
Specifications
| Specification |
|---|
| Payment Request API 1.1 # permissions-policy |
Browser compatibility
BCD tables only load in the browser
See also
Permissions-Policyheader field- Permissions Policy