|
@@ -1,6 +1,10 @@
|
|
|
package permissionpolicy
|
|
|
|
|
|
-import "net/http"
|
|
|
+import (
|
|
|
+ "fmt"
|
|
|
+ "net/http"
|
|
|
+ "strings"
|
|
|
+)
|
|
|
|
|
|
/*
|
|
|
Permisson Policy
|
|
@@ -54,7 +58,74 @@ type PermissionsPolicy struct {
|
|
|
VerticalScroll []string `json:"vertical_scroll"`
|
|
|
}
|
|
|
|
|
|
-func InjectSecurePolicyHeader(w http.ResponseWriter, r *http.Request) {
|
|
|
+// InjectPermissionPolicyHeader inject the permission policy into headers
|
|
|
+func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPolicy) {
|
|
|
+ //Keep the original Permission Policy if exists, or there are no policy given
|
|
|
+ if policy == nil || w.Header().Get("Permissions-Policy") != "" {
|
|
|
+ return
|
|
|
+ }
|
|
|
|
|
|
- //w.Header()
|
|
|
+ policyHeader := []string{}
|
|
|
+
|
|
|
+ // Helper function to add policy directives
|
|
|
+ addDirective := func(name string, sources []string) {
|
|
|
+ if len(sources) > 0 {
|
|
|
+ if sources[0] == "*" {
|
|
|
+ policyHeader = append(policyHeader, fmt.Sprintf("%s=%s", name, "*"))
|
|
|
+ } else {
|
|
|
+ policyHeader = append(policyHeader, fmt.Sprintf("%s=(%s)", name, strings.Join(sources, ", ")))
|
|
|
+ }
|
|
|
+
|
|
|
+ }
|
|
|
+ }
|
|
|
+
|
|
|
+ // Add each policy directive to the header
|
|
|
+ addDirective("accelerometer", policy.Accelerometer)
|
|
|
+ addDirective("ambient-light-sensor", policy.AmbientLightSensor)
|
|
|
+ addDirective("autoplay", policy.Autoplay)
|
|
|
+ addDirective("battery", policy.Battery)
|
|
|
+ addDirective("camera", policy.Camera)
|
|
|
+ addDirective("cross-origin-isolated", policy.CrossOriginIsolated)
|
|
|
+ addDirective("display-capture", policy.DisplayCapture)
|
|
|
+ addDirective("document-domain", policy.DocumentDomain)
|
|
|
+ addDirective("encrypted-media", policy.EncryptedMedia)
|
|
|
+ addDirective("execution-while-not-rendered", policy.ExecutionWhileNotRendered)
|
|
|
+ addDirective("execution-while-out-of-viewport", policy.ExecutionWhileOutOfView)
|
|
|
+ addDirective("fullscreen", policy.Fullscreen)
|
|
|
+ addDirective("geolocation", policy.Geolocation)
|
|
|
+ addDirective("gyroscope", policy.Gyroscope)
|
|
|
+ addDirective("keyboard-map", policy.KeyboardMap)
|
|
|
+ addDirective("magnetometer", policy.Magnetometer)
|
|
|
+ addDirective("microphone", policy.Microphone)
|
|
|
+ addDirective("midi", policy.Midi)
|
|
|
+ addDirective("navigation-override", policy.NavigationOverride)
|
|
|
+ addDirective("payment", policy.Payment)
|
|
|
+ addDirective("picture-in-picture", policy.PictureInPicture)
|
|
|
+ addDirective("publickey-credentials-get", policy.PublicKeyCredentialsGet)
|
|
|
+ addDirective("screen-wake-lock", policy.ScreenWakeLock)
|
|
|
+ addDirective("sync-xhr", policy.SyncXHR)
|
|
|
+ addDirective("usb", policy.USB)
|
|
|
+ addDirective("web-share", policy.WebShare)
|
|
|
+ addDirective("xr-spatial-tracking", policy.XRSpatialTracking)
|
|
|
+ addDirective("clipboard-read", policy.ClipboardRead)
|
|
|
+ addDirective("clipboard-write", policy.ClipboardWrite)
|
|
|
+ addDirective("gamepad", policy.Gamepad)
|
|
|
+ addDirective("speaker-selection", policy.SpeakerSelection)
|
|
|
+ addDirective("conversion-measurement", policy.ConversionMeasurement)
|
|
|
+ addDirective("focus-without-user-activation", policy.FocusWithoutUserActivation)
|
|
|
+ addDirective("hid", policy.HID)
|
|
|
+ addDirective("idle-detection", policy.IdleDetection)
|
|
|
+ addDirective("interest-cohort", policy.InterestCohort)
|
|
|
+ addDirective("serial", policy.Serial)
|
|
|
+ addDirective("sync-script", policy.SyncScript)
|
|
|
+ addDirective("trust-token-redemption", policy.TrustTokenRedemption)
|
|
|
+ addDirective("unload", policy.Unload)
|
|
|
+ addDirective("window-placement", policy.WindowPlacement)
|
|
|
+ addDirective("vertical-scroll", policy.VerticalScroll)
|
|
|
+
|
|
|
+ // Join the directives and set the header
|
|
|
+ policyHeaderValue := strings.Join(policyHeader, ", ")
|
|
|
+
|
|
|
+ //Inject the new policy into the header
|
|
|
+ w.Header().Set("Permissions-Policy", policyHeaderValue)
|
|
|
}
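Review bot: In `addDirective`, the allowlist is joined with `", "`, but Permissions-Policy is a Structured Fields dictionary whose inner-list members are separated by spaces, so a value such as `camera=(self, "https://a.example")` (constructed example) should fail to parse and the browser will ignore the header, leaving every feature at its default allowlist. Change the join to `strings.Join(sources, " ")`, and add a comment that origin entries must arrive already double-quoted (`self` stays a bare token), since nothing here quotes or validates them before they reach the header. The `len(sources) > 0` guard also means an empty list emits no directive at all, so the deny-all form `camera=()` cannot be expressed; consider emitting `name=()` for a non-nil empty slice. When every field is empty the function still sets an empty `Permissions-Policy` header, so an early `if len(policyHeader) == 0 { return }` before the `Set` call would avoid that.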
|