Skip to content

Resolve "add HTTP Permissions-Policy header" ---> via .htaccess rules (Apache web server)

Fabrice Gangler requested to merge 33-add-http-permissions-policy-header into main

related to #33

The HTTP Permissions-Policy header provides a mechanism to allow and deny the use of browser features in a document or within any elements in the document.

Example:

<IfModule headers_module.c>
    # HTTP Permissions-Policy header
    #    - W3C Specification                https://www.w3.org/TR/permissions-policy/
    #    - W3C Permissions Policy Explainer https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md
    #    - W3C Policy Controlled Features   https://github.com/w3c/webappsec-permissions-policy/blob/main/features.md
    #    - MDN documenation                 https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy
    #    - Chrome documenation              https://developer.chrome.com/docs/privacy-sandbox/permissions-policy/
    #    - Permissions-Policy Generator     https://www.permissionspolicy.com
    Header set Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=()"
</IfModule>
Edited by Fabrice Gangler

Merge request reports