ambient-light-sensor
Permissions-Policy Sensors

Overview

The ambient-light-sensor directive controls access to ambient light level readings in lux through the AmbientLightSensor interface. Its default allowlist is self, and because the feature is still experimental, browser support is limited.

Details

The syntax follows the standard allowlist rules. `ambient-light-sensor=(self)` limits access to the document's own origin, `ambient-light-sensor=()` blocks it entirely, and `ambient-light-sensor=(self "https://iot.example.com")` delegates to a named origin. Iframes require an explicit `allow="ambient-light-sensor"` to receive the feature.

When the policy denies it, a sensor created with new AmbientLightSensor() fires an error event on activation and delivers no illuminance readings. It replaces the same feature in the legacy Feature-Policy header, and violations report through Reporting-Endpoints. Because precise illuminance can leak details about the user's environment and device, browsers tend to quantize the values or reduce their reporting frequency.

Syntax

Permissions-Policy: ambient-light-sensor=(self)

Notes

Related directives