Add Permissions-Policy header with strict settings

wagtail · Oct 28, 2022 · e77a2cd · e77a2cd
1 parent 219f06a
commit e77a2cd
Show file tree

Hide file tree

Showing 3 changed files with 42 additions and 1 deletion.
diff --git a/apps/guide/settings/base.py b/apps/guide/settings/base.py
@@ -67,6 +67,7 @@
 
 MIDDLEWARE = [
     "django.middleware.security.SecurityMiddleware",
+    "django_permissions_policy.PermissionsPolicyMiddleware",
     # Whitenoise middleware is used to server static files (CSS, JS, etc.).
     # According to the official documentation it should be listed underneath
     # SecurityMiddleware.
@@ -182,6 +183,30 @@
 ]
 
 
+# Security
+
+# Configure the `Permissions-Policy` header
+# https://github.com/adamchainz/django-permissions-policy
+PERMISSIONS_POLICY = {
+    "accelerometer": [],
+    "ambient-light-sensor": [],
+    "autoplay": [],
+    "camera": [],
+    "display-capture": [],
+    "document-domain": [],
+    "encrypted-media": [],
+    "fullscreen": [],
+    "geolocation": [],
+    "gyroscope": [],
+    "interest-cohort": [],
+    "magnetometer": [],
+    "microphone": [],
+    "midi": [],
+    "payment": [],
+    "usb": [],
+}
+
+
 # Internationalization
 # https://docs.djangoproject.com/en/4.0/topics/i18n/
 

diff --git a/poetry.lock b/poetry.lock
diff --git a/pyproject.toml b/pyproject.toml
@@ -20,6 +20,7 @@ django-storages = "1.13.1"
 whitenoise = "6.2.0"
 psycopg2 = "2.9.3"
 wagtail-localize = "^1.3.1"
+django-permissions-policy = "^4.13.0"
 
 [tool.poetry.group.dev.dependencies]
 black = "^22.10.0"