![]() allow-presentation: Allows embedders to have control over whether an iframe can start a presentation session.This will allow, for example, a third-party advertisement to be safely sandboxed without forcing the same restrictions upon the page the ad links to. allow-popups-to-escape-sandbox: Allows a sandboxed document to open new windows without forcing the sandboxing flags upon them.If this keyword is not used, that functionality will silently fail. allow-popups: Allows popups (like from Window.open(), target="_blank", Window.showModalDialog()).allow-pointer-lock: Allows the page to use the Pointer Lock API.allow-orientation-lock: Lets the resource lock the screen orientation.It also allows the page to receive BeforeUnloadEvent event. allow-modals: Allows the page to open modal windows by Window.alert(), nfirm(), Window.print() and Window.prompt(), while opening a is allowed regardless of this keyword.If this keyword is not used, form will be displayed as normal, but submitting it will not trigger input validation, sending data to a web server or closing a dialog. allow-forms: Allows the page to submit forms.allow-downloads-without-user-activation Experimental: Allows for downloads to occur without a gesture from the user.This works regardless of whether the user clicked on the link, or JS code initiated it without user interaction. allow-downloads: Allows downloading files through an or element with the download attribute, as well as through the navigation that leads to a download of a file.The value of the attribute can either be empty to apply all restrictions, or space-separated tokens to lift particular restrictions: This value is unsafe, because it leaks origins and paths from TLS-protected resources to insecure origins.Ĭontrols the restrictions applied to the content embedded in the. unsafe-url: The referrer will include the origin and the path (but not the fragment, password, or username).strict-origin-when-cross-origin (default): Send a full URL when performing a same-origin request, only send the origin when the protocol security level stays the same (HTTPS→HTTPS), and send no header to a less secure destination (HTTPS→HTTP).strict-origin: Only send the origin of the document as the referrer when the protocol security level stays the same (HTTPS→HTTPS), but don't send it to a less secure destination (HTTPS→HTTP).same-origin: A referrer will be sent for same origin, but cross-origin requests will contain no referrer information.Navigations on the same origin will still include the path. origin-when-cross-origin: The referrer sent to other origins will be limited to the scheme, the host, and the port.origin: The sent referrer will be limited to the origin of the referring page: its scheme, host, and port.no-referrer-when-downgrade: The Referer header will not be sent to origins without TLS ( HTTPS).no-referrer: The Referer header will not be sent.Indicates which referrer to send when fetching the frame's resource: This can be used in the target attribute of the, , or elements the formtarget attribute of the or elements or the windowName parameter in the window.open() method. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |