7x31
/
nginxconfig.io
mirror of https://github.com/digitalocean/nginxconfig.io.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Implement Permissions-Policy header

This commit is contained in:
Daniel Walsh 2021-06-24 18:39:43 +01:00
parent 3e99dc25aa
commit 07277ab515
No known key found for this signature in database
GPG Key ID: 91C6D8D7C4011D82
2 changed files with 24 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
src/nginxconfig/generators/conf/security.conf.js
View File

@ -37,6 +37,9 @@ export default (domains, global) => {
if (global.security.contentSecurityPolicy.computed)
config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]);
if (global.security.permissionsPolicy.computed)
config.push(['add_header Permissions-Policy', `"${global.security.permissionsPolicy.computed}" always`]);
// Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings
if (commonHsts(domains)) {
const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed;

21
src/nginxconfig/templates/global_sections/security.vue
View File

@ -66,6 +66,23 @@ THE SOFTWARE.
</div>
</div>
<div class="field is-horizontal">
<div class="field-label">
<label class="label">Permissions-Policy</label>
</div>
<div class="field-body">
<div class="field">
<div :class="`control${permissionsPolicyChanged ? ' is-changed' : ''}`">
<input v-model="permissionsPolicy"
class="input"
type="text"
:placeholder="$props.data.permissionsPolicy.default"
/>
</div>
</div>
</div>
</div>
<div class="field is-horizontal">
<div class="field-label">
<label class="label">server_tokens</label>
@ -164,6 +181,10 @@ THE SOFTWARE.
default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';',
enabled: true,
},
permissionsPolicy: {
default: 'interest-cohort=()',
enabled: true,
},
serverTokens: {
default: false,
enabled: true,