web-shareThe web-share directive controls whether the Web Share API's navigator.share() may open the OS native share sheet to share links, text, or files. Its default allowlist is self, and it underpins the share buttons common on mobile.
`web-share=(self)` limits it to the document's own origin, `web-share=()` blocks it entirely, and `web-share=(self "https://app.example.com")` delegates to a named origin. An iframe needs `allow="web-share"`. When the policy denies it, the Promise returned by navigator.share() rejects with a NotAllowedError.
navigator.share() must be called within a user gesture (such as a click), which is a separate requirement from the policy. Use navigator.canShare() to check in advance whether the data (especially files) is shareable. It works only in a secure context, and you should provide a fallback (copy or social links) for desktop browsers that lack support. It replaces the legacy Feature-Policy feature.
Permissions-Policy: web-share=(self)