Permissions-Policy: identity-credentials-get directive

{{SeeCompatTable}}

The HTTP {{HTTPHeader("Permissions-Policy")}} header identity-credentials-get directive controls whether the current document is allowed to use the Federated Credential Management API (FedCM), and more specifically usage of the following methods:

• {{domxref("CredentialsContainer.get", "navigator.credentials.get()")}} (when used with the identity option)
• {{domxref("IdentityCredential.disconnect_static", "IdentityCredential.disconnect()")}}
• {{domxref("IdentityProvider.getUserInfo_static", "IdentityProvider.getUserInfo()")}}

Where this policy forbids use of the API, {{jsxref("Promise")}}s returned by these methods will reject with a NotAllowedError {{domxref("DOMException")}}.

Syntax

Permissions-Policy: identity-credentials-get=<allowlist>;

• <allowlist>
  • : A list of origins for which permission is granted to use the feature. See Permissions-Policy > Syntax for more details.

Default policy

The default allowlist for identity-credentials-get is self.

Specifications

{{Specifications}}

Browser compatibility

{{Compat}}

See also

• Federated Credential Management API (FedCM)
• {{HTTPHeader("Permissions-Policy")}} header
• Permissions Policy