spring-cloud / spring-cloud-gateway

An API Gateway built on Spring Framework and Spring Boot providing routing and more.
http://cloud.spring.io
Apache License 2.0
4.5k stars 3.31k forks

Suggestion: Add Permissions-Policy as configurable option to SecureHeaders GatewayFilter #2975

Open joerg-richter-5234 opened 1 year ago

joerg-richter-5234 commented 1 year ago

Hello,

I would like to suggest adding Permissions-Policy as an option to the SecureHeaders GatewayFilter, so that it's part of the existing security component and easy to apply when sensible.

Motivation: As part of a penetration test report we received a suggestion to apply Permissions-Policy. Unfortunately, this does not seem to be an option available via the SecureHeaders GatewayFilter.

To quote from https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/: "Permissions Policy, formerly known as Feature Policy, allows the developer to control the browser features available to a page, its iframes, and subresources, by declaring a set of policies for the browser to enforce."

I'd be happy to contribute.
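Without such an option in SecureHeaders, the header can be set with the gateway's generic SetResponseHeader filter. The configuration below is an added example, not part of the original thread or the project's documentation; the feature list is a constructed sample policy, and the `spring.cloud.gateway.default-filters` property path is assumed for the gateway version in use.

```yaml
spring:
  cloud:
    gateway:
      default-filters:
        # Existing hardening headers (X-Frame-Options, HSTS, CSP, ...).
        # As the issue states, Permissions-Policy is not among its options.
        - SecureHeaders
        # Expanded name/args form: the shortcut form
        # (SetResponseHeader=Name, Value) splits its arguments on commas,
        # and a Permissions-Policy value is itself a comma-separated list.
        - name: SetResponseHeader
          args:
            name: Permissions-Policy
            # Constructed sample policy: an empty allowlist "()" disables
            # the feature for the page and every frame it embeds.
            value: "geolocation=(), camera=(), microphone=()"
```

SetResponseHeader replaces any Permissions-Policy value sent by the downstream service, so the gateway's policy is the one browsers receive on every route.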

MonDeveloper commented 6 months ago

We need it too! It would be great to have it by default as part of the existing SecureHeaders GatewayFilter.

spencergibb commented 6 months ago

PRs welcome

joerg-richter-5234 commented 6 months ago

Cheers. I'll look into it.