colin
/
ploughshares
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Expand Permissions-Policy to deny access to all unnecessary browser features
ci/woodpecker/push/woodpecker Pipeline was successful Details

This commit is contained in:
colin 2025-07-03 14:31:02 -04:00
parent 0e76175163
commit 9822bbd903
1 changed files with 22 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
docker/ploughshares/app.py
View File

@ -73,15 +73,36 @@ if APP_DOMAIN:
csp['form-action'] = [csp['form-action'], APP_DOMAIN] csp['form-action'] = [csp['form-action'], APP_DOMAIN]
# Configure Permissions-Policy (formerly Feature-Policy) # Configure Permissions-Policy (formerly Feature-Policy)
# Deny access to all browser features that we don't need
permissions_policy = { permissions_policy = {
'accelerometer': '()', 'accelerometer': '()',
'ambient-light-sensor': '()',
'autoplay': '()',
'battery': '()',
'camera': '()', 'camera': '()',
'display-capture': '()',
'document-domain': '()',
'encrypted-media': '()',
'execution-while-not-rendered': '()',
'execution-while-out-of-viewport': '()',
'fullscreen': '()',
'geolocation': '()', 'geolocation': '()',
'gyroscope': '()', 'gyroscope': '()',
'hid': '()',
'idle-detection': '()',
'magnetometer': '()', 'magnetometer': '()',
'microphone': '()', 'microphone': '()',
'midi': '()',
'navigation-override': '()',
'payment': '()', 'payment': '()',
'usb': '()' 'picture-in-picture': '()',
'publickey-credentials-get': '()',
'screen-wake-lock': '()',
'serial': '()',
'sync-xhr': '()',
'usb': '()',
'web-share': '()',
'xr-spatial-tracking': '()'
} }
# Determine if HTTPS should be forced based on environment # Determine if HTTPS should be forced based on environment