From 864fe0f9711897623495440968e6a5b94180cfc5 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Wed, 23 Nov 2022 11:33:00 -0500 Subject: [PATCH] feat: add permissions-policy header --- public/language/en-GB/admin/settings/advanced.json | 2 ++ src/middleware/headers.js | 4 ++++ src/views/admin/settings/advanced.tpl | 6 ++++++ 3 files changed, 12 insertions(+) diff --git a/public/language/en-GB/admin/settings/advanced.json b/public/language/en-GB/admin/settings/advanced.json index 1bf35d7370..982eaa2f64 100644 --- a/public/language/en-GB/admin/settings/advanced.json +++ b/public/language/en-GB/admin/settings/advanced.json @@ -20,6 +20,8 @@ "headers.coep-help": "When enabled (default), will set the header to require-corp", "headers.coop": "Cross-Origin-Opener-Policy", "headers.corp": "Cross-Origin-Resource-Policy", + "headers.permissions-policy": "Permissions-Policy", + "headers.permissions-policy-help": "Allows setting permissions policy header, for example \"geolocation=*, camera=()\", see this for more info.", "hsts": "Strict Transport Security", "hsts.enabled": "Enabled HSTS (recommended)", "hsts.maxAge": "HSTS Max Age", diff --git a/src/middleware/headers.js b/src/middleware/headers.js index 7f05f11928..f6aaecd3e8 100644 --- a/src/middleware/headers.js +++ b/src/middleware/headers.js @@ -57,6 +57,10 @@ module.exports = function (middleware) { }); } + if (meta.config['permissions-policy']) { + headers['Permissions-Policy'] = meta.config['permissions-policy']; + } + if (meta.config['access-control-allow-credentials']) { headers['Access-Control-Allow-Credentials'] = meta.config['access-control-allow-credentials']; } diff --git a/src/views/admin/settings/advanced.tpl b/src/views/admin/settings/advanced.tpl index 83d010ad63..1041848878 100644 --- a/src/views/admin/settings/advanced.tpl +++ b/src/views/admin/settings/advanced.tpl @@ -99,6 +99,12 @@
+ +
+ + +

[[admin/settings/advanced:headers.permissions-policy-help]]

+