TheArchive/zitadel
1
0
Fork 0
mirror of https://github.com/zitadel/zitadel.git synced 2025-08-12 00:47:33 +00:00
Code Issues Packages Projects Releases Wiki Activity

fix: add permissions-policy header (#1059)

Browse Source
This commit is contained in:
Livio Amstutz
2020-12-07 09:00:31 +01:00
committed by GitHub
parent 300ade66a7
commit 6d210c3f00
2 changed files with 2 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
internal/api/http/header.go
View File

@@ -30,6 +30,7 @@ const (
XContentTypeOptions = "x-content-type-options"
ReferrerPolicy = "referrer-policy"
FeaturePolicy = "feature-policy"
PermissionsPolicy = "permissions-policy"
ZitadelOrgID = "x-zitadel-orgid"
)

1
internal/api/http/middleware/security_headers.go
View File

@@ -70,6 +70,7 @@ func (h *headers) ServeHTTP(w http.ResponseWriter, r *http.Request) {
headers.Set(http_utils.XContentTypeOptions, "nosniff")
headers.Set(http_utils.ReferrerPolicy, "same-origin")
headers.Set(http_utils.FeaturePolicy, "payment 'none'")
headers.Set(http_utils.PermissionsPolicy, "payment=()")
//PLANNED: add expect-ct
h.handler.ServeHTTP(w, r)