Implement Permissions-Policy header (digitalocean#282)

* Implement Permissions-Policy header * Bump copyright year Co-authored-by: Matt (IPv4) Cowley <[email protected]>
tujinshu · Jun 25, 2021 · fee8fb4 · fee8fb4
1 parent 3e99dc2
commit fee8fb4
Show file tree

Hide file tree

Showing 2 changed files with 25 additions and 1 deletion.
diff --git a/src/nginxconfig/generators/conf/security.conf.js b/src/nginxconfig/generators/conf/security.conf.js
@@ -1,5 +1,5 @@
 /*
-Copyright 2020 DigitalOcean
+Copyright 2021 DigitalOcean
 
 This code is licensed under the MIT License.
 You may obtain a copy of the License at
@@ -37,6 +37,9 @@ export default (domains, global) => {
     if (global.security.contentSecurityPolicy.computed)
         config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]);
 
+    if (global.security.permissionsPolicy.computed)
+        config.push(['add_header Permissions-Policy', `"${global.security.permissionsPolicy.computed}" always`]);
+
     // Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings
     if (commonHsts(domains)) {
         const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed;

diff --git a/src/nginxconfig/templates/global_sections/security.vue b/src/nginxconfig/templates/global_sections/security.vue
@@ -66,6 +66,23 @@ THE SOFTWARE.
             </div>
         </div>
 
+        <div class="field is-horizontal">
+            <div class="field-label">
+                <label class="label">Permissions-Policy</label>
+            </div>
+            <div class="field-body">
+                <div class="field">
+                    <div :class="`control${permissionsPolicyChanged ? ' is-changed' : ''}`">
+                        <input v-model="permissionsPolicy"
+                               class="input"
+                               type="text"
+                               :placeholder="$props.data.permissionsPolicy.default"
+                        />
+                    </div>
+                </div>
+            </div>
+        </div>
+
         <div class="field is-horizontal">
             <div class="field-label">
                 <label class="label">server_tokens</label>
@@ -164,6 +181,10 @@ THE SOFTWARE.
             default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';',
             enabled: true,
         },
+        permissionsPolicy: {
+            default: 'interest-cohort=()',
+            enabled: true,
+        },
         serverTokens: {
             default: false,
             enabled: true,