Open guilhem-fry opened 3 years ago
Hey, got a PR for the Feature-Policy header. Also got one for the Permissions-Policy header, but it depends on the Feature Policy one.
There's no rush.
Feature Policy PR Permissions-Policy PR Just tell me if you want me to raise the Permissions PR against the repository.
For those who want a workaround, you can concat additional headers like this:
const securityHeaders = createSecureHeaders({
contentSecurityPolicy: {
...
},
}).concat([
{
key: "Permissions-Policy",
value: "camera=(), microphone=(), geolocation=()"
},
]);
🌱 Feature Request
Is your feature request related to a problem? Please describe.
Currently the package doesn't support the
Feature-Policy
header, nor thePermission-Policy
header. Although the headers are still in draft stage, most browsers are already accepting them. Moreover, sending those response headers is already a recommended best practice amongst IT corporations, and is included as part of pen testing reports.Describe the solution you'd like
Implementing the support for those headers.
Documentation, Adoption, Migration Strategy
Same way as other headers in the package.