From 77ee252639fb6cc89726f10d35b35950cfcfef5f Mon Sep 17 00:00:00 2001
From: Jake Jarvis
Date: Wed, 4 Nov 2020 08:46:21 -0500
Subject: [PATCH] add Permissions-Policy header https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
---
 netlify.toml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/netlify.toml b/netlify.toml
index 82a65714..e5e087fa 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -105,7 +105,6 @@
 manifest-src 'self';
 media-src 'self' data: https:;
 object-src 'none';
- prefetch-src 'self';
 script-src 'self' buttons.github.io cdn.ampproject.org gist.github.com platform.twitter.com player.vimeo.com;
 style-src 'self' 'unsafe-inline' fonts.googleapis.com github.githubassets.com;
 worker-src 'self';
@@ -117,6 +116,7 @@
 {"group":"default","max_age":604800,"endpoints":[{"url":"https://jarv.is/api/report"}],"include_subdomains":false}'''
 # More generic security headers:
 Feature-Policy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'"
+ Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
 Referrer-Policy = "no-referrer-when-downgrade"
 X-Content-Type-Options = "nosniff"
 X-Frame-Options = "SAMEORIGIN"
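Review bot: The added `Permissions-Policy` line in the second hunk repeats the eight-feature list of the `Feature-Policy` line directly above it, and nothing in the file says the two must change together. A later edit to only one of them would leave browsers that honour the other header enforcing a different set of restrictions. A comment above the pair would cover this, for example `# Feature-Policy is kept for browsers without Permissions-Policy support; keep both feature lists identical.` The headers table that holds these lines starts and continues outside the hunk, so whether other path rules set either header cannot be seen from here.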