diff --git a/src/nginxconfig/generators/conf/security.conf.js b/src/nginxconfig/generators/conf/security.conf.js index 3b8ef7d..4335c36 100644 --- a/src/nginxconfig/generators/conf/security.conf.js +++ b/src/nginxconfig/generators/conf/security.conf.js @@ -1,5 +1,5 @@ /* -Copyright 2020 DigitalOcean +Copyright 2021 DigitalOcean This code is licensed under the MIT License. You may obtain a copy of the License at @@ -37,6 +37,9 @@ export default (domains, global) => { if (global.security.contentSecurityPolicy.computed) config.push(['add_header Content-Security-Policy', `"${global.security.contentSecurityPolicy.computed}" always`]); + if (global.security.permissionsPolicy.computed) + config.push(['add_header Permissions-Policy', `"${global.security.permissionsPolicy.computed}" always`]); + // Every domain has HSTS enabled, and they all have same hstsSubdomains/hstsPreload settings if (commonHsts(domains)) { const commonHSTSSubdomains = domains.length && domains[0].https.hstsSubdomains.computed; diff --git a/src/nginxconfig/templates/global_sections/security.vue b/src/nginxconfig/templates/global_sections/security.vue index 0990b85..054c40e 100644 --- a/src/nginxconfig/templates/global_sections/security.vue +++ b/src/nginxconfig/templates/global_sections/security.vue @@ -66,6 +66,23 @@ THE SOFTWARE. +
+
+ +
+
+
+
+ +
+
+
+
+
@@ -164,6 +181,10 @@ THE SOFTWARE. default: 'default-src \'self\' http: https: data: blob: \'unsafe-inline\'; frame-ancestors \'self\';', enabled: true, }, + permissionsPolicy: { + default: 'interest-cohort=()', + enabled: true, + }, serverTokens: { default: false, enabled: true,