GSA / ai-experience-sharing-platform

This is the source code for the CoE AI Platform (Use Case Library and other content).

Finding: Feature Policy Header Not Set #344

Open danielnaab opened 3 years ago

danielnaab commented 3 years ago

Feature Policy Header is an added layer of security that helps to restrict unauthorized access to or usage of browser/client features by web resources. This policy protects user privacy by limiting or specifying which browser features can be used by web resources. Feature Policy provides a set of standard HTTP headers that allow website owners to limit which browser features can be used by the page, such as camera, microphone, location, full screen, etc.

Recommendation: Ensure that your web server, application server, load balancer, etc., is configured to set the Feature-Policy header.

Research adding Feature-Policy / Permissions-Policy headers to remediate this finding.
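The following is an added example, not code from the ai-experience-sharing-platform repository or from the PR that closed this finding. It shows how the two spellings of the header can be generated from one allowlist (Permissions-Policy is the current name, Feature-Policy the legacy one that older browsers still honor) and how a response can be audited for the finding above. The feature list, the helper names, and the allowlisted origin https://maps.example.gov are assumptions chosen for illustration.

```javascript
// Added example, not code from the ai-experience-sharing-platform repo.
// Builds the current Permissions-Policy header and its legacy Feature-Policy
// spelling from one allowlist, and audits a response's headers for the
// "header not set" finding plus over-permissive entries.

// Constructed policy for illustration. [] disables a feature everywhere,
// 'self' allows only the page's own origin, a URL allows that origin.
// https://maps.example.gov is an assumed placeholder, not a real dependency.
const POLICY = {
  camera: [],
  microphone: [],
  geolocation: ['self', 'https://maps.example.gov'],
  payment: [],
  usb: [],
  fullscreen: ['self'],
};

// Features a reviewer would expect to be explicitly restricted.
const SENSITIVE = ['camera', 'microphone', 'geolocation', 'payment', 'usb'];

// Permissions-Policy uses structured-field syntax:
//   camera=(), geolocation=(self "https://origin"), fullscreen=*
function buildPermissionsPolicy(policy = POLICY) {
  return Object.entries(policy)
    .map(([feature, allow]) => {
      if (allow.length === 1 && allow[0] === '*') return `${feature}=*`;
      const items = allow.map((o) => (o === 'self' || o === '*' ? o : `"${o}"`));
      return `${feature}=(${items.join(' ')})`;
    })
    .join(', ');
}

// Feature-Policy (older name) uses CSP-like syntax:
//   camera 'none'; geolocation 'self' https://origin; fullscreen *
function buildFeaturePolicy(policy = POLICY) {
  return Object.entries(policy)
    .map(([feature, allow]) => {
      const items = allow.length === 0
        ? ["'none'"]
        : allow.map((o) => (o === 'self' ? "'self'" : o));
      return `${feature} ${items.join(' ')}`;
    })
    .join('; ');
}

// Express-style helper: `res` only needs a setHeader(name, value) method,
// so it also works with a plain object in tests.
function setPolicyHeaders(res, policy = POLICY) {
  res.setHeader('Permissions-Policy', buildPermissionsPolicy(policy));
  res.setHeader('Feature-Policy', buildFeaturePolicy(policy));
  return res;
}

// Parses a Permissions-Policy value into { feature: [allowlist items] }.
// Entries that do not match the grammar are skipped rather than guessed at.
function parsePermissionsPolicy(value) {
  const parsed = {};
  for (const part of value.split(',')) {
    const m = part.trim().match(/^([a-z0-9-]+)=(\*|\((.*)\))$/i);
    if (!m) continue;
    if (m[2] === '*') { parsed[m[1].toLowerCase()] = ['*']; continue; }
    const inner = m[3].trim();
    parsed[m[1].toLowerCase()] = inner === ''
      ? []
      : inner.split(/\s+/).map((s) => s.replace(/^"|"$/g, ''));
  }
  return parsed;
}

// Reproduces the scanner finding and goes one step further: a header that is
// present but leaves camera=* is still worth flagging.
function auditPolicyHeaders(headers) {
  const h = Object.fromEntries(
    Object.entries(headers).map(([k, v]) => [k.toLowerCase(), v]),
  );
  if (!h['permissions-policy'] && !h['feature-policy']) {
    return ['Permissions-Policy / Feature-Policy header not set'];
  }
  if (!h['permissions-policy']) {
    return ['only legacy Feature-Policy is set; add Permissions-Policy'];
  }
  const parsed = parsePermissionsPolicy(h['permissions-policy']);
  const findings = [];
  for (const feature of SENSITIVE) {
    if (!(feature in parsed)) {
      findings.push(`${feature}: not restricted (browser default applies)`);
    } else if (parsed[feature].includes('*')) {
      findings.push(`${feature}: allowed for all origins`);
    }
  }
  return findings;
}

// Stand-alone demo with a fake response object.
const demoRes = { headers: {}, setHeader(k, v) { this.headers[k] = v; } };
setPolicyHeaders(demoRes);
console.log(demoRes.headers);
console.log(auditPolicyHeaders({}));
console.log(auditPolicyHeaders(demoRes.headers));
```

Sending both headers costs nothing and covers browsers on either side of the rename; the audit function is the check to run against a deployed endpoint after the change, since a load balancer or CDN in front of the app can strip or override headers the application sets.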

rrkane10x commented 3 years ago

Just add policy. @taylor-work

taylor-work commented 3 years ago

https://github.com/GSA/ai-experience-sharing-platform/pull/348 adds the policy