Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Permissions-Policy header #179

Closed
unindented opened this issue Mar 11, 2019 · 6 comments · Fixed by #271
Closed

Permissions-Policy header #179

unindented opened this issue Mar 11, 2019 · 6 comments · Fixed by #271
Labels
enhancement New feature or request on-hold Waiting for something external to be done, like software release or official standard
Milestone
v5.0.0

Comments

@unindented
Copy link

unindented commented Mar 11, 2019
edited by LeoColomb
Loading

When scanning my site through https://securityheaders.com/ I got flagged because I was missing a Feature-Policy header: https://scotthelme.co.uk/a-new-security-header-feature-policy/

Would you be interested in adding it to the template? I can make a PR if that's the case.
@LeoColomb
Copy link
Member

Thanks for opening this issue!
Before opening a PR, let's review the status of this header.
Does this header follow a published standard?
What is its browser support?

@unindented
Copy link
Author

unindented commented Mar 12, 2019
edited by LeoColomb
Loading

Does this header follow a published standard?

https://w3c.github.io/webappsec-feature-policy/

What is its browser support?

Chrome and Safari atm: https://caniuse.com/#feat=feature-policy

@LeoColomb
Copy link
Member

LeoColomb commented Mar 12, 2019
edited
Loading

Thanks for these links! 👍
On MDN: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy

That said, some concerns:

  • W3C paper is a draft, not a released recommendation (yet);
  • The support is very low and often partial when implemented.

I would suggest to wait for a more solid standard/support before adding a template here.

@LeoColomb LeoColomb added the enhancement New feature or request label Mar 12, 2019
@unindented
Copy link
Author

Sounds good to me. Thanks for considering!

@Malvoz
Copy link
Contributor

Malvoz commented Apr 25, 2019
edited
Loading

When it comes to choosing which features to include in an example policy this standardized features table should come in handy. :)

@LeoColomb LeoColomb changed the title Feature-Policy header Feature-Policy header May 15, 2019
@LeoColomb LeoColomb added the on-hold Waiting for something external to be done, like software release or official standard label Apr 13, 2020
@LeoColomb
Copy link
Member

FYI, Feature Policy is deprecated and replaced by Permissions Policy.
https://caniuse.com/permissions-policy

@LeoColomb LeoColomb changed the title Feature-Policy header Permissions-Policy header Oct 8, 2020
@LeoColomb LeoColomb added this to the v5.0.0 milestone Dec 29, 2020
@LeoColomb LeoColomb mentioned this issue Apr 29, 2021
Closed
LeoColomb added a commit that referenced this issue Jun 14, 2021
@LeoColomb
Add Permissions-Policy header
2e139a3 
Closes #179
@LeoColomb LeoColomb mentioned this issue Jun 14, 2021
Merged
5 tasks
LeoColomb added a commit that referenced this issue Jun 14, 2021
@LeoColomb
Add Permissions-Policy header
661935d 
Closes #179
LeoColomb added a commit that referenced this issue Jun 24, 2021
@LeoColomb
Add Permissions-Policy header
86494cc 
Closes #179
LeoColomb added a commit to h5bp/server-configs-nginx that referenced this issue Jun 28, 2021
@LeoColomb
Add Permissions-Policy header
36310b9 
Ref h5bp/server-configs-apache#179
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
enhancement New feature or request on-hold Waiting for something external to be done, like software release or official standard
Projects
None yet
Milestone
v5.0.0
Development

Successfully merging a pull request may close this issue.

Refresh security policies headers h5bp/server-configs-apache
3 participants
@unindented @LeoColomb @Malvoz