Permissions-Policy: publickey-credentials-create directive
{{SeeCompatTable}}
The HTTP {{HTTPHeader("Permissions-Policy")}} header publickey-credentials-create directive controls whether the current document is allowed to use the Web Authentication API to create new WebAuthn credentials, i.e., via {{domxref("CredentialsContainer.create","navigator.credentials.create({publicKey})")}} .
Specifically, where a defined policy blocks use of this feature, the {{jsxref("Promise")}} returned by navigator.credentials.create({publicKey}) will reject with a NotAllowedError {{domxref("DOMException")}} .
If the method is called cross-origin, the {{jsxref("Promise")}} will also reject with a NotAllowedError if the feature is granted by allow= on an iframe and the frame does not also have {{glossary("Transient activation")}} .
Syntax
Permissions-Policy: publickey-credentials-create=<allowlist>;
<allowlist>- : A list of origins for which permission is granted to use the feature. See
Permissions-Policy> Syntax for more details.
- : A list of origins for which permission is granted to use the feature. See
Default policy
The default allowlist for publickey-credentials-create is self.
Specifications
{{Specifications}}
Browser compatibility
{{Compat}}
See also
{{HTTPHeader("Permissions-Policy")}}header- Permissions Policy
- Web Authentication API
{{DOMxRef("PublicKeyCredential")}}interface