Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Feature/Permission policy #42

Open
guifry opened this issue Jan 29, 2021 · 2 comments
Open

Feature/Permission policy #42

guifry opened this issue Jan 29, 2021 · 2 comments
Labels
Priority: 2. Medium Status: 1. In Progress Type: 2. Enhancement

Comments

@guifry
Copy link

guifry commented Jan 29, 2021

🌱 Feature Request

Is your feature request related to a problem? Please describe.

Currently the package doesn't support the Feature-Policy header, nor the Permission-Policy header.
Although the headers are still in draft stage, most browsers are already accepting them.
Moreover, sending those response headers is already a recommended best practice amongst IT corporations, and is included as part of pen testing reports.

Describe the solution you'd like

Implementing the support for those headers.

Documentation, Adoption, Migration Strategy

Same way as other headers in the package.

  • [ x ] I've tried to find similar issues and pull requests
  • [ x ] I would like to work on this feature 💪🏻
@guifry
Copy link
Author

guifry commented Feb 4, 2021

Hey, got a PR for the Feature-Policy header.
Also got one for the Permissions-Policy header, but it depends on the Feature Policy one.

There's no rush.

Feature Policy PR
Permissions-Policy PR
Just tell me if you want me to raise the Permissions PR against the repository.

@jagaapple jagaapple mentioned this issue Feb 25, 2021
Open
@kjetilhau
Copy link

For those who want a workaround, you can concat additional headers like this:

const securityHeaders = createSecureHeaders({
  contentSecurityPolicy: {
    ...
  },
}).concat([
  {
    key: "Permissions-Policy",
    value: "camera=(), microphone=(), geolocation=()"
  },
]);

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
Priority: 2. Medium Status: 1. In Progress Type: 2. Enhancement
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@kjetilhau @jagaapple @guifry