Implement Permissions-Policy header (#282)

* Implement Permissions-Policy header * Bump copyright year Co-authored-by: Matt (IPv4) Cowley <me@mattcowley.co.uk>
2021-06-25 14:46:31 +01:00 · 2021-06-25 14:46:31 +01:00 · fee8fb4189
parent 3e99dc25aa
commit fee8fb4189
2 changed files with 25 additions and 1 deletions
--- a/src/nginxconfig/generators/conf/security.conf.js
+++ b/src/nginxconfig/generators/conf/security.conf.js
@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@ -37,6 +37,9 @@ export default (domains, global) => {
    if (global.security.contentSecurityPolicy.computed)
        config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]);
    if (global.security.permissionsPolicy.computed)
        config.push(['add_header Permissions-Policy', `"${global.security.permissionsPolicy.computed}" always`]);
    // Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings
    if (commonHsts(domains)) {
        const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed;
--- a/src/nginxconfig/templates/global_sections/security.vue
+++ b/src/nginxconfig/templates/global_sections/security.vue
@ -66,6 +66,23 @@ THE SOFTWARE.
            </div>
        </div>
        <div class="field is-horizontal">
            <div class="field-label">
                <label class="label">Permissions-Policy</label>
            </div>
            <div class="field-body">
                <div class="field">
                    <div :class="`control${permissionsPolicyChanged ? ' is-changed' : ''}`">
                        <input v-model="permissionsPolicy"
                               class="input"
                               type="text"
                               :placeholder="$props.data.permissionsPolicy.default"
                        />
                    </div>
                </div>
            </div>
        </div>
        <div class="field is-horizontal">
            <div class="field-label">
                <label class="label">server_tokens</label>
@ -164,6 +181,10 @@ THE SOFTWARE.
            default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';',
            enabled: true,
        },
        permissionsPolicy: {
            default: 'interest-cohort=()',
            enabled: true,
        },
        serverTokens: {
            default: false,
            enabled: true,