Permissions policy
The allow property of the HTMLIFrameElement interface indicates the Permissions Policy specified for this <iframe> element. The policy defines what features are available to the <iframe> element (for example, access to the microphone, camera, battery, web-share, etc.) based on the origin of the request.
The Permissions Policy specified by the allow attribute implements a further restriction on top of the policy specified in the Permissions-Policy header. It doesn't replace it.
See <iframe>'s Permissions Policy syntax for more details.
It reflects the allow attribute of the <iframe> element.
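The layering described above, where the allow attribute can only restrict further and never overrides the Permissions-Policy header, is shown in the following added example, which is not code from the original page or from any browser. The function names are assumptions, and the model is simplified to a top-level parent document and features whose default allowlist is 'self'.

```javascript
// Added example: simplified model, not the browser's implementation.
// Assumes a top-level parent, features whose default allowlist is 'self'
// (camera, microphone, geolocation), and no wildcard-subdomain origins.

// 'camera=(), microphone=(self "https://a.example")' -> Map(feature -> origins)
function parseHeader(header) {
  const policy = new Map();
  for (const part of header.split(",").map((s) => s.trim()).filter(Boolean)) {
    const eq = part.indexOf("=");
    if (eq < 0) continue;
    const value = part.slice(eq + 1).trim().replace(/^\(|\)$/g, "");
    policy.set(part.slice(0, eq).trim(),
      value.split(/\s+/).filter(Boolean).map((t) => t.replace(/"/g, "")));
  }
  return policy;
}

// "camera 'self'; microphone 'none'; geolocation" -> Map(feature -> origins)
function parseAllow(allow) {
  const policy = new Map();
  for (const part of allow.split(";").map((s) => s.trim()).filter(Boolean)) {
    const [feature, ...list] = part.split(/\s+/);
    // A feature listed without an allowlist defaults to 'src'.
    const items = list.length ? list.map((t) => t.replace(/'/g, "")) : ["src"];
    policy.set(feature, items.filter((t) => t !== "none"));
  }
  return policy;
}

function matches(list, origin, selfOrigin, srcOrigin) {
  return list.some((t) => t === "*" || t === origin ||
    (t === "self" && origin === selfOrigin) ||
    (t === "src" && origin === srcOrigin));
}

function isEnabledInFrame(feature, { header = "", allow = "", parentOrigin, src }) {
  const frameOrigin = new URL(src).origin;
  const declared = parseHeader(header).get(feature); // undefined if not in header
  // The header is the ceiling: it must allow both the parent and the frame origin.
  if (declared && !matches(declared, parentOrigin, parentOrigin)) return false;
  if (declared && !matches(declared, frameOrigin, parentOrigin)) return false;
  // The allow attribute can then only narrow (or delegate within) that ceiling.
  const container = parseAllow(allow);
  if (container.has(feature)) {
    return matches(container.get(feature), frameOrigin, parentOrigin, frameOrigin);
  }
  return frameOrigin === parentOrigin; // default allowlist 'self'
}
```

With the header camera=(), isEnabledInFrame returns false for camera whatever the allow attribute says, because the header has already disabled the feature for the embedding document.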
Browser support
Desktop: Chrome, Edge, Firefox, Safari. Mobile: Chrome Android, Safari iOS.

| Feature | Chrome | Edge | Firefox | Safari | Chrome Android | Safari iOS |
|---|---|---|---|---|---|---|
| http.headers.Permissions-Policy (Experimental) | 88 | 88 | | | 88 | |
| HTML attribute | | | | | | |
| allow | 60 | 79 | 74 | 11.1 | 60 | 11.3 |
| DOM API | | | | | | |
| allow (property of the HTMLIFrameElement interface) | 60 | 79 | 74 | 11.1 | 60 | 11.3 |
| Other | | | | | | |
| http.headers.Permissions-Policy.wildcards (Experimental): Wildcards in allowlist origins | 108 | 108 | | | 108 | |
Syntax
<!-- Permissions Policy for the iframe -->
<iframe src="https://example.com"
        allow="camera 'self'; microphone 'none'; geolocation 'none'">
</iframe>
<!-- HTTP header: Permissions-Policy: camera=(), microphone=() -->
Use cases
- Use Permissions policy: Use Permissions policy when standard HTML needs a more specific platform feature, semantic signal, or browser capability.
- Handle edge cases: Apply Permissions policy to solve a focused requirement without redesigning the whole page architecture.
Cautions
- Test Permissions policy in your target browsers and input environments before depending on it as a primary behavior.
- Provide a fallback path or acceptable degradation strategy when support is still limited.
Accessibility
- Make sure Permissions policy supports the intended task without making the page harder to perceive, understand, or operate.