Implement Permissions-Policy header (#282)

* Implement Permissions-Policy header * Bump copyright year Co-authored-by: Matt (IPv4) Cowley <me@mattcowley.co.uk>
2024-11-10 04:24:12 +00:00 · 2021-06-25 14:46:31 +01:00 · 2021-06-25 14:46:31 +01:00 · fee8fb4189
commit fee8fb4189
parent 3e99dc25aa
2 changed files with 25 additions and 1 deletions
--- a/src/nginxconfig/generators/conf/security.conf.js
+++ b/src/nginxconfig/generators/conf/security.conf.js
@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean

 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@ -37,6 +37,9 @@ export default (domains, global) => {
    if (global.security.contentSecurityPolicy.computed)
        config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]);

+    if (global.security.permissionsPolicy.computed)
+        config.push(['add_header Permissions-Policy', `"${global.security.permissionsPolicy.computed}" always`]);
+
    // Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings
    if (commonHsts(domains)) {
        const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed;
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@ -66,6 +66,23 @@ THE SOFTWARE.
            </div>
        </div>

+        <div class="field is-horizontal">
+            <div class="field-label">
+                <label class="label">Permissions-Policy</label>
+            </div>
+            <div class="field-body">
+                <div class="field">
+                    <div :class="`control${permissionsPolicyChanged ? ' is-changed' : ''}`">
+                        <input v-model="permissionsPolicy"
+                               class="input"
+                               type="text"
+                               :placeholder="$props.data.permissionsPolicy.default"
+                        />
+                    </div>
+                </div>
+            </div>
+        </div>
+
        <div class="field is-horizontal">
            <div class="field-label">
                <label class="label">server_tokens</label>
@ -164,6 +181,10 @@ THE SOFTWARE.
            default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';',
            enabled: true,
        },
+        permissionsPolicy: {
+            default: 'interest-cohort=()',
+            enabled: true,
+        },
        serverTokens: {
            default: false,
            enabled: true,