From 08ec367e617edb32e504d74fe104b6ab7dbccf67 Mon Sep 17 00:00:00 2001
From: meaz
Date: Fri, 16 Apr 2021 09:15:54 +0200
Subject: [PATCH 1/2] add Permissions-Policy
---
 templates/etc/nginx/sites-available/core.j2 | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/templates/etc/nginx/sites-available/core.j2 b/templates/etc/nginx/sites-available/core.j2
index 92ec2fe..14fad30 100644
--- a/templates/etc/nginx/sites-available/core.j2
+++ b/templates/etc/nginx/sites-available/core.j2
@@ -8,7 +8,7 @@
 {% block server_info %}
 ## SERVER INFO
-server {
+server {
 server_name {% if item.name is string %}{{ item.name }}{% else %}{{ item.name | join(' ') }}{% endif %};
 {% if item.proto == 'http' %}
 listen {{ item.listen }} {% if nginx_default_vhost == item.name %} default_server{% endif %};
@@ -49,6 +49,9 @@ server {
 {% if item.headers is defined and item.headers == 'none' %}
 {% else %}
 ## HEADERS
+{% if item.permissions_policy is defined %}
+ add_header Permissions-Policy "geolocation=(),interest-cohort=()";
+{% endif %}
 {% if item.secure_site is defined %}
 add_header X-Download-Options noopen;
 add_header X-Permitted-Cross-Domain-Policies none;
From ee1b806873f7b5799b861e2ab3f9339e0212be70 Mon Sep 17 00:00:00 2001
From: meaz
Date: Fri, 16 Apr 2021 10:13:11 +0200
Subject: [PATCH 2/2] block per default
---
 templates/etc/nginx/sites-available/core.j2 | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/templates/etc/nginx/sites-available/core.j2 b/templates/etc/nginx/sites-available/core.j2
index 14fad30..3fc1314 100644
--- a/templates/etc/nginx/sites-available/core.j2
+++ b/templates/etc/nginx/sites-available/core.j2
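Review bot: The `add_header Permissions-Policy ...` line added under `## HEADERS` in the second hunk of PATCH 1/2 has no `always` parameter, so nginx attaches it only to the success and redirect status codes that `add_header` covers by default, and error responses go out without the policy. Writing it as `add_header Permissions-Policy "geolocation=(),interest-cohort=()" always;` would cover them. nginx also stops inheriting server-level `add_header` lines in any `location` that declares its own, so if the rest of the template (outside this hunk) sets headers per location, the policy will be missing there. The neighbouring `X-Download-Options` and `X-Permitted-Cross-Domain-Policies` lines use the same form, so this is probably best settled once for the whole `## HEADERS` block.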
@@ -49,7 +49,8 @@ server {
 {% if item.headers is defined and item.headers == 'none' %}
 {% else %}
 ## HEADERS
-{% if item.permissions_policy is defined %}
+{% if item.permission_policy is defined and item.permission_policy == 'none' %}
+{% else %}
 add_header Permissions-Policy "geolocation=(),interest-cohort=()";
 {% endif %}
 {% if item.secure_site is defined %}
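Review bot: The new opt-out test reads `item.permission_policy` (singular), while PATCH 1/2 used `item.permissions_policy` and the header itself is `Permissions-Policy`. A vhost that sets `permissions_policy: none` is silently ignored and still receives the header. Keeping the plural avoids that: `{% if item.permissions_policy is defined and item.permissions_policy == 'none' %}`. Because the policy string is fixed, a site that needs geolocation can only drop the whole header. `interest-cohort` targeted Chrome's FLoC trial, which has since been withdrawn, so the value is likely to need updating and would be easier to maintain as a role variable with this string as its default. A comment above the block, such as `{# set permissions_policy: none on a vhost to omit the Permissions-Policy header #}`, would document the switch for role users.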