From 1acf7c95e477c1dd871a53b1fbbcfec6db390635 Mon Sep 17 00:00:00 2001 From: Roland Gruber Date: Fri, 16 Aug 2019 22:09:31 +0200 Subject: [PATCH] added feature policy --- lam/lib/security.inc | 1 + 1 file changed, 1 insertion(+) diff --git a/lam/lib/security.inc b/lam/lib/security.inc index e417e6cf..28663c85 100644 --- a/lam/lib/security.inc +++ b/lam/lib/security.inc @@ -690,6 +690,7 @@ function setLAMHeaders() { header('Content-Security-Policy: frame-ancestors \'self\'; form-action \'self\'; base-uri \'none\'; object-src \'none\'; frame-src \'self\' https://*.duosecurity.com; worker-src \'self\''); header('X-Content-Type-Options: nosniff'); header('X-XSS-Protection: 1; mode=block'); + header("Feature-Policy: ambient-light-sensor 'none'; autoplay 'none'; accelerometer 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'self'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; speaker 'none'; sync-xhr 'self'; usb 'none'; vr 'none'"); } }