chore: Update Permissions-Policy header in headers.lua to include interest-cohort directive by default and remove the DISABLE_FLOC setting

Théophile Diot 2024-08-05 15:46:58 +01:00
parent 162b3dce32
commit 5bfc1b0717
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
2 changed files with 1 additions and 19 deletions


@ -96,15 +96,6 @@ function headers:header()
and self.variables["CONTENT_SECURITY_POLICY_REPORT_ONLY"] == "yes"
then
ngx_header["Content-Security-Policy-Report-Only"] = self.variables[variable]
elseif header == "Permissions-Policy" then
ngx_header[header] = self.variables[variable]
if self.variables["DISABLE_FLOC"] == "yes" and not ngx_header[header]:find("interest-cohort") then
if ngx_header[header] == nil then
ngx_header[header] = "interest-cohort=()"
else
ngx_header[header] = ngx_header[header] .. ", interest-cohort=()"
end
end
else
ngx_header[header] = self.variables[variable]
end


@ -90,22 +90,13 @@
},
"PERMISSIONS_POLICY": {
"context": "multisite",
"default": "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=()",
"default": "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), interest-cohort=()",
"help": "Value for the Permissions-Policy header.",
"id": "permissions-policy",
"label": "Permissions-Policy",
"regex": "^(?![, ])(,? ?([a-z\\-]+)(?!.*[^\\-]\\2=)=(\\*|\\(( ?(self|\\u0022https?:\\/\\/[\\-\\w@:%.+~#=]+[\\-\\w\\(\\)!@:%+.~#?&\\/=$]*\\u0022)(?=[ \\)]))*\\)))*$",
"type": "text"
},
"DISABLE_FLOC": {
"context": "multisite",
"default": "yes",
"help": "Disable FLoC (Federated Learning of Cohorts) by adding the interest-cohort=() directive to the Permissions-Policy header if it is not already present.",
"id": "disable-floc",
"label": "Disable FLoC (Federated Learning of Cohorts)",
"regex": "^(yes|no)$",
"type": "check"
},
"X_FRAME_OPTIONS": {
"context": "multisite",
"default": "SAMEORIGIN",
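Review bot: Sites that set their own PERMISSIONS_POLICY value will likely stop sending `interest-cohort=()` after this change, because the directive now exists only in the `default` string and the append step in headers.lua is removed in the same commit. The remaining branch assigns `self.variables[variable]` directly, so a custom value presumably replaces the default wholesale and nothing restores the opt-out. I would say so in the setting's help text, for example `"help": "Value for the Permissions-Policy header. A custom value replaces the default entirely; keep interest-cohort=() in it if the FLoC opt-out is still wanted."`. How a leftover `DISABLE_FLOC` in an existing configuration is treated once the setting is gone is not visible here, so an upgrade note covering both points would help operators.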