diff --git a/public/language/en-GB/admin/settings/advanced.json b/public/language/en-GB/admin/settings/advanced.json
index 1bf35d7370..982eaa2f64 100644
--- a/public/language/en-GB/admin/settings/advanced.json
+++ b/public/language/en-GB/admin/settings/advanced.json
@@ -20,6 +20,8 @@
 "headers.coep-help": "When enabled (default), will set the header to require-corp",
 "headers.coop": "Cross-Origin-Opener-Policy",
 "headers.corp": "Cross-Origin-Resource-Policy",
+ "headers.permissions-policy": "Permissions-Policy",
+ "headers.permissions-policy-help": "Allows setting permissions policy header, for example \"geolocation=*, camera=()\", see this for more info.",
 "hsts": "Strict Transport Security",
 "hsts.enabled": "Enabled HSTS (recommended)",
 "hsts.maxAge": "HSTS Max Age",
diff --git a/src/middleware/headers.js b/src/middleware/headers.js
index 7f05f11928..f6aaecd3e8 100644
--- a/src/middleware/headers.js
+++ b/src/middleware/headers.js
@@ -57,6 +57,10 @@ module.exports = function (middleware) {
 });
 }
+ if (meta.config['permissions-policy']) {
+ headers['Permissions-Policy'] = meta.config['permissions-policy'];
+ }
+
 if (meta.config['access-control-allow-credentials']) {
 headers['Access-Control-Allow-Credentials'] = meta.config['access-control-allow-credentials'];
 }
diff --git a/src/views/admin/settings/advanced.tpl b/src/views/admin/settings/advanced.tpl
index 83d010ad63..1041848878 100644
--- a/src/views/admin/settings/advanced.tpl
+++ b/src/views/admin/settings/advanced.tpl
@@ -99,6 +99,12 @@
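Review bot: The new `headers['Permissions-Policy'] = meta.config['permissions-policy'];` line in src/middleware/headers.js copies the admin-entered string into the response headers without trimming or checking it. Node rejects header values that contain CR/LF or other control characters, so a pasted value with a stray newline could make requests fail once `headers` is applied to the response (that code is outside this hunk, so this is inferred). Browsers are also expected to ignore a Permissions-Policy value they cannot parse, so a typo would silently leave no policy in force. I would normalise before assigning, e.g. `const policy = String(meta.config['permissions-policy'] || '').trim();` followed by `if (policy && !/[\r\n]/.test(policy)) { headers['Permissions-Policy'] = policy; }`, and reject malformed values when the setting is saved. The enclosing middleware function starts and ends outside the hunk.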
+ +
+ + +

[[admin/settings/advanced:headers.permissions-policy-help]]

+