Expand Permissions-Policy to deny access to all unnecessary browser features
ci/woodpecker/push/woodpecker Pipeline was successful
Details
ci/woodpecker/push/woodpecker Pipeline was successful
Details
This commit is contained in:
parent
0e76175163
commit
9822bbd903
|
|
@ -73,15 +73,36 @@ if APP_DOMAIN:
|
|||
csp['form-action'] = [csp['form-action'], APP_DOMAIN]
|
||||
|
||||
# Configure Permissions-Policy (formerly Feature-Policy)
|
||||
# Deny access to all browser features that we don't need
|
||||
permissions_policy = {
|
||||
'accelerometer': '()',
|
||||
'ambient-light-sensor': '()',
|
||||
'autoplay': '()',
|
||||
'battery': '()',
|
||||
'camera': '()',
|
||||
'display-capture': '()',
|
||||
'document-domain': '()',
|
||||
'encrypted-media': '()',
|
||||
'execution-while-not-rendered': '()',
|
||||
'execution-while-out-of-viewport': '()',
|
||||
'fullscreen': '()',
|
||||
'geolocation': '()',
|
||||
'gyroscope': '()',
|
||||
'hid': '()',
|
||||
'idle-detection': '()',
|
||||
'magnetometer': '()',
|
||||
'microphone': '()',
|
||||
'midi': '()',
|
||||
'navigation-override': '()',
|
||||
'payment': '()',
|
||||
'usb': '()'
|
||||
'picture-in-picture': '()',
|
||||
'publickey-credentials-get': '()',
|
||||
'screen-wake-lock': '()',
|
||||
'serial': '()',
|
||||
'sync-xhr': '()',
|
||||
'usb': '()',
|
||||
'web-share': '()',
|
||||
'xr-spatial-tracking': '()'
|
||||
}
|
||||
|
||||
# Determine if HTTPS should be forced based on environment
|
||||
|
|
|
|||
Loading…
Reference in New Issue