From fee8fb41894965210f033a13afe276b2c96fd5a4 Mon Sep 17 00:00:00 2001 From: Daniel Walsh Date: Fri, 25 Jun 2021 14:46:31 +0100 Subject: [PATCH] Implement Permissions-Policy header (#282) * Implement Permissions-Policy header * Bump copyright year Co-authored-by: Matt (IPv4) Cowley --- .../generators/conf/security.conf.js | 5 ++++- .../templates/global_sections/security.vue | 21 +++++++++++++++++++ 2 files changed, 25 insertions(+), 1 deletion(-) diff --git a/src/nginxconfig/generators/conf/security.conf.js b/src/nginxconfig/generators/conf/security.conf.js index 3b8ef7d..4335c36 100644 --- a/src/nginxconfig/generators/conf/security.conf.js +++ b/src/nginxconfig/generators/conf/security.conf.js @@ -1,5 +1,5 @@ /* -Copyright 2020 DigitalOcean +Copyright 2021 DigitalOcean This code is licensed under the MIT License. You may obtain a copy of the License at @@ -37,6 +37,9 @@ export default (domains, global) => { if (global.security.contentSecurityPolicy.computed) config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]); + if (global.security.permissionsPolicy.computed) + config.push(['add_header Permissions-Policy', `"${global.security.permissionsPolicy.computed}" always`]); + // Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings if (commonHsts(domains)) { const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed; diff --git a/src/nginxconfig/templates/global_sections/security.vue b/src/nginxconfig/templates/global_sections/security.vue index 0990b85..054c40e 100644 --- a/src/nginxconfig/templates/global_sections/security.vue +++ b/src/nginxconfig/templates/global_sections/security.vue @@ -66,6 +66,23 @@ THE SOFTWARE. +
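Review bot: In the second hunk of security.conf.js, the added `add_header Permissions-Policy` line places `global.security.permissionsPolicy.computed` between double quotes without escaping, yet Permissions-Policy allowlists legitimately contain double-quoted origins, e.g. the constructed value `geolocation=(self "https://example.com")`. A value like that closes the nginx string early, so the generated config would most likely be rejected by the nginx configuration check rather than emit the intended header. I would escape backslashes and double quotes before interpolating, for example `const policy = global.security.permissionsPolicy.computed.replace(/["\\]/g, '\\$&');`, and use `policy` in the pushed directive. The Content-Security-Policy context line just above uses the same unescaped pattern, although CSP keywords use single quotes, so it is less likely to trigger there. The enclosing exported function starts and ends outside this hunk.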
+
+ +
+
+
+
+ +
+
+
+
+
@@ -164,6 +181,10 @@ THE SOFTWARE. default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';', enabled: true, }, + permissionsPolicy: { + default: 'interest-cohort=()', + enabled: true, + }, serverTokens: { default: false, enabled: true,
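Review bot: The new `permissionsPolicy` default of `interest-cohort=()` with `enabled: true` carries no comment, so a reader of the generated config may take the header for a general hardening baseline when it only opts the site out of FLoC cohort calculation. Powerful features such as camera, microphone and geolocation keep their browser defaults unless the user adds them to the value. I would add a comment above the entry, `// Opts out of FLoC only; other features keep browser defaults unless listed here`. Because `interest-cohort` is tied to a single browser experiment, the default is worth revisiting if that feature name stops being recognised. The surrounding defaults object starts and ends outside this hunk.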