Feature/Permission policy
guilhem-fry opened this issue · comments
🌱 Feature Request
Is your feature request related to a problem? Please describe.
Currently the package doesn't support the Feature-Policy
header, nor the Permission-Policy
header.
Although the headers are still in draft stage, most browsers are already accepting them.
Moreover, sending those response headers is already a recommended best practice amongst IT corporations, and is included as part of pen testing reports.
Describe the solution you'd like
Implementing the support for those headers.
Documentation, Adoption, Migration Strategy
Same way as other headers in the package.
- [ x ] I've tried to find similar issues and pull requests
- [ x ] I would like to work on this feature 💪🏻
Hey, got a PR for the Feature-Policy header.
Also got one for the Permissions-Policy header, but it depends on the Feature Policy one.
There's no rush.
Feature Policy PR
Permissions-Policy PR
Just tell me if you want me to raise the Permissions PR against the repository.
For those who want a workaround, you can concat additional headers like this:
const securityHeaders = createSecureHeaders({
contentSecurityPolicy: {
...
},
}).concat([
{
key: "Permissions-Policy",
value: "camera=(), microphone=(), geolocation=()"
},
]);