核心价值
将用户的隐私选择映射为浏览器能力开关,提高合规与透明度。
动态注入策略头,避免不必要的能力与数据访问。
Middleware 实现
import { NextResponse, NextRequest } from 'next/server'
/**
 * Next.js middleware that turns the visitor's stored consent level into a
 * `permissions-policy` response header.
 *
 * The `consent` cookie is client-controlled, so it is only compared against
 * the known levels. A missing, empty or unrecognised value falls through to
 * the most restrictive policy (camera, microphone and geolocation disabled).
 *
 * @param req - Incoming request; only its `consent` cookie is read.
 * @returns The pass-through response with the policy header set.
 */
export function middleware(req: NextRequest) {
  const level = req.cookies.get('consent')?.value || 'none'
  const response = NextResponse.next()

  let header: string
  switch (level) {
    case 'full':
      // Full consent: all three features allowed for this origin only.
      header = 'camera=(self), microphone=(self), geolocation=(self)'
      break
    case 'basic':
      // Basic consent: only geolocation, and only for this origin.
      header = 'camera=(), microphone=(), geolocation=(self)'
      break
    default:
      // Fail closed: anything else disables every feature.
      header = 'camera=(), microphone=(), geolocation=()'
  }

  response.headers.set('permissions-policy', header)
  return response
}
/**
 * Limits which requests the middleware runs on: every path except those that
 * begin with `_next/static` or `_next/image` (excluded by the negative
 * lookahead). Kept as an inline literal.
 */
export const config = {
  matcher: ['/((?!_next/static|_next/image).*)'],
}
偏好设置路由
// app/api/consent/route.ts
// Next.js route segment config: run this handler on the Edge runtime.
export const runtime = 'edge'
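/**
 * Stores the visitor's consent level in the `consent` cookie.
 *
 * The request body is untrusted, so `level` is checked against a fixed set of
 * levels before it is written into the `Set-Cookie` header. Without that
 * check, a value containing `;` would append arbitrary cookie attributes to
 * the header, and any other string would be stored verbatim.
 *
 * @param req - POST request whose JSON body may carry a `level` field.
 * @returns `200 ok` with the cookie set, or `400` when the body is not a JSON
 *   object or `level` is not one of `none`, `basic`, `full`.
 */
export async function POST(req: Request) {
  const allowedLevels = ['none', 'basic', 'full']

  let body: unknown
  try {
    body = await req.json()
  } catch {
    // Malformed JSON is a client error, not an unhandled exception.
    return new Response('invalid JSON body', { status: 400 })
  }

  if (typeof body !== 'object' || body === null) {
    return new Response('invalid JSON body', { status: 400 })
  }

  // A missing or falsy `level` keeps the original default of 'none'.
  const requested = (body as { level?: unknown }).level || 'none'

  if (typeof requested !== 'string' || !allowedLevels.includes(requested)) {
    return new Response('invalid consent level', { status: 400 })
  }

  // NOTE(review): the cookie carries no `Secure` attribute; consider adding
  // it if the site is served over HTTPS only. `HttpOnly` is also absent;
  // whether client-side code needs to read the level is not visible here.
  return new Response('ok', {
    headers: {
      'Set-Cookie': `consent=${requested}; Path=/; SameSite=Lax`,
    },
  })
}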
治理建议
细化不同能力的开关与范围;对第三方脚本按 consent 进行加载控制。
在 UI 中清晰展示隐私说明与选择;支持随时变更并即时生效。
consent Cookie 的值由客户端控制,服务端在写入 Cookie 和生成策略头之前应按固定白名单(none、basic、full)校验,未知取值一律按最严格策略处理。
结论
将 Cookie Consent 与 Permissions-Policy 关联,有助于将隐私偏好落实到浏览器能力层面,提升合规性与用户信任。
