microphoneThe microphone directive controls whether a document may acquire a microphone audio track via navigator.mediaDevices.getUserMedia({ audio: true }). Its default allowlist is self, so only a same-origin document has access by default and cross-origin frames need delegation.
`microphone=*` allows all origins, `microphone=(self)` the document's own origin, `microphone=()` blocks it entirely, and `microphone=(self "https://meet.example.com")` allows only the own origin plus the named one. To delegate the microphone to a video/audio widget iframe, the parent's allowlist must include that origin and the frame must opt in with `<iframe allow="microphone">`, commonly written alongside camera as `allow="camera; microphone"`.
When the policy denies it, the audio getUserMedia Promise rejects with a NotAllowedError, and no user permission prompt appears. Permissions-Policy is the front gate deciding which origins may access the feature, and user permission makes the final call on top of it. It works only in a secure context (HTTPS) and replaces the microphone feature of the legacy Feature-Policy header.
Permissions-Policy: microphone=(self "https://meet.example.com")