Quick answer: The fullscreen directive controls whether a document or embedded frame may enter fullscreen using Element.requestFullscreen(). Disallow it with the response header Permissions-Policy: fullscreen=(). Allow only your own origin with Permissions-Policy: fullscreen=(self). When blocked, requestFullscreen rejects. Iframes also need the allowfullscreen attribute to request fullscreen.

fullscreen

The fullscreen policy controls whether the requestFullscreen() method is allowed to request fullscreen.

If the policy is disallowed in a document, that document cannot use fullscreen. Triggering fullscreen mode can be a jarring experience for users, and can be exploited by content that would otherwise be confined to a small frame.

How to apply this policy

Send the following HTTP header to control the fullscreen policy, and disallow it on all origins:

Feature-Policy: fullscreen 'none'
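
As an added example (not part of the original page), this Node.js check reads a response's headers and reports the fullscreen allowlist from either the Permissions-Policy form in the quick answer or the Feature-Policy form above. The function names and verdict strings are hypothetical, and the parsing is simplified to the common allowlist forms.

```javascript
// Added example: report what a response's headers say about the fullscreen
// directive. Simplified parsing that covers the common allowlist forms, not
// the full Structured Fields grammar.
function parsePermissionsPolicy(value) {
  // Split dictionary members on commas that sit outside parentheses.
  for (const member of value.split(/,(?![^(]*\))/)) {
    const eq = member.indexOf('=');
    if (eq === -1 || member.slice(0, eq).trim().toLowerCase() !== 'fullscreen') continue;
    const raw = member.slice(eq + 1).trim();
    const inner = raw.startsWith('(') ? raw.slice(1, raw.lastIndexOf(')')) : raw;
    return inner.split(/\s+/).filter(Boolean).map(t => t.replace(/^"|"$/g, ''));
  }
  return null; // directive not present
}

function parseFeaturePolicy(value) {
  for (const directive of value.split(';')) {
    const [name, ...tokens] = directive.trim().split(/\s+/);
    if (name.toLowerCase() !== 'fullscreen') continue;
    // 'none' is an empty allowlist; strip the quotes from keywords such as 'self'.
    return tokens.map(t => t.replace(/^'|'$/g, '')).filter(t => t !== 'none');
  }
  return null;
}

function fullscreenPolicy(headers) {
  const h = {};
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = String(v);
  // Assumption of this checker: prefer Permissions-Policy when both are sent.
  let source = 'Permissions-Policy';
  let allowlist = 'permissions-policy' in h ? parsePermissionsPolicy(h['permissions-policy']) : null;
  if (allowlist === null) {
    source = 'Feature-Policy';
    allowlist = 'feature-policy' in h ? parseFeaturePolicy(h['feature-policy']) : null;
  }
  if (allowlist === null) return { source: null, allowlist: null, verdict: 'not-set' };
  let verdict = 'restricted';
  if (allowlist.length === 0) verdict = 'blocked-everywhere';
  else if (allowlist.includes('*')) verdict = 'all-origins';
  else if (allowlist.length === 1 && allowlist[0] === 'self') verdict = 'self-only';
  return { source, allowlist, verdict };
}

// Constructed sample responses.
console.log(fullscreenPolicy({ 'Feature-Policy': "fullscreen 'none'" }));
console.log(fullscreenPolicy({ 'Permissions-Policy': 'camera=(), fullscreen=(self)' }));
```

A `not-set` verdict means neither header names the directive, so the response places no explicit restriction on fullscreen.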

Does it work?

Currently, Firefox and Chromium-based browsers such as Google Chrome, Samsung Internet, and Opera are the only user agents to support Feature Policy. The minimum version that correctly recognises the fullscreen policy is:

Mozilla Firefox: 65+

Google Chrome: 60+

Microsoft Edge: Not supported

Apple Safari: Not supported
