i would like to suggest to add Permissions-Policy as an option toSecureHeaders GatewayFilter,
so that it's part of existing security component and easy to apply when sensible.
Motivation:
As part of a penetration test report we received a suggestion to apply Permissions-Policy. Unfortunately, this does not seem to be an option available via the SecureHeaders GatewayFilter.
To quote from https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/"Permissions Policy, formerly known as Feature Policy, allows the developer to control the browser features available to a page, its iframes, and subresources, by declaring a set of policies for the browser to enforce."
Hello,
i would like to suggest to add Permissions-Policy as an option to
SecureHeaders GatewayFilter
, so that it's part of existing security component and easy to apply when sensible.Motivation: As part of a penetration test report we received a suggestion to apply
Permissions-Policy
. Unfortunately, this does not seem to be an option available via theSecureHeaders GatewayFilter
.To quote from https://developer.chrome.com/en/docs/privacy-sandbox/permissions-policy/ "Permissions Policy, formerly known as Feature Policy, allows the developer to control the browser features available to a page, its iframes, and subresources, by declaring a set of policies for the browser to enforce."
I'd be happy to contribute