Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-10-26 08:36:12 +01:00
Code Issues Packages Projects Releases Wiki Activity

feat: add permissions-policy header

Browse Source
This commit is contained in:
Barış Soner Uşaklı
2022-11-23 11:33:00 -05:00
parent 110311b25e
commit 864fe0f971
3 changed files with 12 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
public/language/en-GB/admin/settings/advanced.json
View File

@@ -20,6 +20,8 @@
"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>", "headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
"headers.coop": "Cross-Origin-Opener-Policy", "headers.coop": "Cross-Origin-Opener-Policy",
"headers.corp": "Cross-Origin-Resource-Policy", "headers.corp": "Cross-Origin-Resource-Policy",
"headers.permissions-policy": "Permissions-Policy",
"headers.permissions-policy-help": "Allows setting permissions policy header, for example \"geolocation=*, camera=()\", see <a href=\"https://github.com/w3c/webappsec-permissions-policy/blob/main/permissions-policy-explainer.md\">this</a> for more info.",
"hsts": "Strict Transport Security", "hsts": "Strict Transport Security",
"hsts.enabled": "Enabled HSTS (recommended)", "hsts.enabled": "Enabled HSTS (recommended)",
"hsts.maxAge": "HSTS Max Age", "hsts.maxAge": "HSTS Max Age",

4
src/middleware/headers.js
View File

@@ -57,6 +57,10 @@ module.exports = function (middleware) {
}); });
} }
if (meta.config['permissions-policy']) {
headers['Permissions-Policy'] = meta.config['permissions-policy'];
}
if (meta.config['access-control-allow-credentials']) { if (meta.config['access-control-allow-credentials']) {
headers['Access-Control-Allow-Credentials'] = meta.config['access-control-allow-credentials']; headers['Access-Control-Allow-Credentials'] = meta.config['access-control-allow-credentials'];
} }

6
src/views/admin/settings/advanced.tpl
View File

@@ -99,6 +99,12 @@
</select> </select>
<br /> <br />
</div> </div>
<div class="form-group">
<label for="permissions-policy">[[admin/settings/advanced:headers.permissions-policy]]</label>
<input class="form-control" id="permissions-policy" type="text" placeholder="" data-field="permissions-policy" >
<p class="help-block">[[admin/settings/advanced:headers.permissions-policy-help]]</p>
</div>
</form> </form>
</div> </div>
</div> </div>