add Permissions-Policy header

https://scotthelme.co.uk/goodbye-feature-policy-and-hello-permissions-policy/
2025-09-18 15:25:33 -04:00 · 2020-11-04 08:46:21 -05:00
parent 44ef6de825
commit 77ee252639
1 changed files with 1 additions and 1 deletions
--- a/netlify.toml
+++ b/netlify.toml
@@ -105,7 +105,6 @@
    manifest-src 'self';
    media-src 'self' data: https:;
    object-src 'none';
-    prefetch-src 'self';
    script-src 'self' buttons.github.io cdn.ampproject.org gist.github.com platform.twitter.com player.vimeo.com;
    style-src 'self' 'unsafe-inline' fonts.googleapis.com github.githubassets.com;
    worker-src 'self';
@@ -117,6 +116,7 @@
    {"group":"default","max_age":604800,"endpoints":[{"url":"https://jarv.is/api/report"}],"include_subdomains":false}'''
    # More generic security headers:
    Feature-Policy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'"
+    Permissions-Policy = "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
    Referrer-Policy = "no-referrer-when-downgrade"
    X-Content-Type-Options = "nosniff"
    X-Frame-Options = "SAMEORIGIN"