
Added working test case

Toby Chui 10 months ago
parent
commit
c5320b5eaa

+ 64 - 2
mod/dynamicproxy/permissionpolicy/permissionpolicy.go

@@ -11,6 +11,8 @@ import (
 
 	This is a permission policy header modifier that changes
 	the request permission related policy fields
+
+	author: tobychui
 */
 
 type PermissionsPolicy struct {
@@ -58,6 +60,54 @@ type PermissionsPolicy struct {
 	VerticalScroll             []string `json:"vertical_scroll"`
 }
 
+// GetDefaultPermissionPolicy returns a PermissionsPolicy struct with all policies set to *
+func GetDefaultPermissionPolicy() *PermissionsPolicy {
+	return &PermissionsPolicy{
+		Accelerometer:              []string{"*"},
+		AmbientLightSensor:         []string{"*"},
+		Autoplay:                   []string{"*"},
+		Battery:                    []string{"*"},
+		Camera:                     []string{"*"},
+		CrossOriginIsolated:        []string{"*"},
+		DisplayCapture:             []string{"*"},
+		DocumentDomain:             []string{"*"},
+		EncryptedMedia:             []string{"*"},
+		ExecutionWhileNotRendered:  []string{"*"},
+		ExecutionWhileOutOfView:    []string{"*"},
+		Fullscreen:                 []string{"*"},
+		Geolocation:                []string{"*"},
+		Gyroscope:                  []string{"*"},
+		KeyboardMap:                []string{"*"},
+		Magnetometer:               []string{"*"},
+		Microphone:                 []string{"*"},
+		Midi:                       []string{"*"},
+		NavigationOverride:         []string{"*"},
+		Payment:                    []string{"*"},
+		PictureInPicture:           []string{"*"},
+		PublicKeyCredentialsGet:    []string{"*"},
+		ScreenWakeLock:             []string{"*"},
+		SyncXHR:                    []string{"*"},
+		USB:                        []string{"*"},
+		WebShare:                   []string{"*"},
+		XRSpatialTracking:          []string{"*"},
+		ClipboardRead:              []string{"*"},
+		ClipboardWrite:             []string{"*"},
+		Gamepad:                    []string{"*"},
+		SpeakerSelection:           []string{"*"},
+		ConversionMeasurement:      []string{"*"},
+		FocusWithoutUserActivation: []string{"*"},
+		HID:                        []string{"*"},
+		IdleDetection:              []string{"*"},
+		InterestCohort:             []string{"*"},
+		Serial:                     []string{"*"},
+		SyncScript:                 []string{"*"},
+		TrustTokenRedemption:       []string{"*"},
+		Unload:                     []string{"*"},
+		WindowPlacement:            []string{"*"},
+		VerticalScroll:             []string{"*"},
+	}
+}
+
 // InjectPermissionPolicyHeader inject the permission policy into headers
 func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPolicy) {
 	//Keep the original Permission Policy if exists, or there are no policy given
@@ -71,11 +121,23 @@ func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPoli
 	addDirective := func(name string, sources []string) {
 		if len(sources) > 0 {
 			if sources[0] == "*" {
+				//Allow all
 				policyHeader = append(policyHeader, fmt.Sprintf("%s=%s", name, "*"))
 			} else {
-				policyHeader = append(policyHeader, fmt.Sprintf("%s=(%s)", name, strings.Join(sources, ", ")))
+				//Other than "self" which do not need double quote, others domain need double quote in place
+				formatedSources := []string{}
+				for _, source := range sources {
+					if source == "self" {
+						formatedSources = append(formatedSources, "self")
+					} else {
+						formatedSources = append(formatedSources, "\""+source+"\"")
+					}
+				}
+				policyHeader = append(policyHeader, fmt.Sprintf("%s=(%s)", name, strings.Join(formatedSources, " ")))
 			}
-
+		} else {
+			//There are no setting for this field. Assume no permission
+			policyHeader = append(policyHeader, fmt.Sprintf("%s=()", name))
 		}
 	}
 
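Review bot: In addDirective each non-`self` source is wrapped as `"\""+source+"\""` with no validation, so a configured value containing `"` or `\` ends the quoted string early and can add allowlist entries or whole directives to the emitted Permissions-Policy value. Reject or skip such values before the append, for example `if strings.ContainsAny(source, "\"\\") { continue }`, or accept only values that parse as an origin. The wildcard test also looks only at `sources[0]`, so a list such as `{"self", "*"}` is emitted with a quoted `"*"` entry rather than as allow-all. Separately, GetDefaultPermissionPolicy grants every feature to every origin, and its doc comment could say so, e.g. `// The result is fully permissive; narrow Camera, Microphone, Geolocation and similar fields before use.` InjectPermissionPolicyHeader starts before and continues after this hunk, so how the header is finally written is not visible here.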

+ 9 - 29
mod/dynamicproxy/permissionpolicy/permissionpolicy_test.go

@@ -9,6 +9,12 @@ import (
 )
 
 func TestInjectPermissionPolicyHeader(t *testing.T) {
+	//Prepare the data for permission policy
+	testPermissionPolicy := permissionpolicy.GetDefaultPermissionPolicy()
+	testPermissionPolicy.Geolocation = []string{"self"}
+	testPermissionPolicy.Microphone = []string{"self", "https://example.com"}
+	testPermissionPolicy.Camera = []string{"*"}
+
 	tests := []struct {
 		name           string
 		existingHeader string
@@ -16,36 +22,10 @@ func TestInjectPermissionPolicyHeader(t *testing.T) {
 		expectedHeader string
 	}{
 		{
-			name:           "No existing policy, valid PermissionsPolicy",
-			existingHeader: "",
-			policy: &permissionpolicy.PermissionsPolicy{
-				Geolocation: []string{"self"},
-				Microphone:  []string{"https://example.com"},
-				Camera:      []string{"*"},
-			},
-			expectedHeader: "camera=*, geolocation=(self), microphone=(https://example.com)",
-		},
-		{
-			name:           "Existing Permissions-Policy header should not be overwritten",
-			existingHeader: "geolocation=(self), microphone=()",
-			policy: &permissionpolicy.PermissionsPolicy{
-				Geolocation: []string{"self"},
-				Microphone:  []string{"https://example.com"},
-				Camera:      []string{"*"},
-			},
-			expectedHeader: "geolocation=(self), microphone=()",
-		},
-		{
-			name:           "No policy provided",
-			existingHeader: "",
-			policy:         nil,
-			expectedHeader: "",
-		},
-		{
-			name:           "Empty PermissionsPolicy",
+			name:           "Default policy with a few limitations",
 			existingHeader: "",
-			policy:         &permissionpolicy.PermissionsPolicy{},
-			expectedHeader: "",
+			policy:         testPermissionPolicy,
+			expectedHeader: `accelerometer=*, ambient-light-sensor=*, autoplay=*, battery=*, camera=*, cross-origin-isolated=*, display-capture=*, document-domain=*, encrypted-media=*, execution-while-not-rendered=*, execution-while-out-of-viewport=*, fullscreen=*, geolocation=(self), gyroscope=*, keyboard-map=*, magnetometer=*, microphone=(self "https://example.com"), midi=*, navigation-override=*, payment=*, picture-in-picture=*, publickey-credentials-get=*, screen-wake-lock=*, sync-xhr=*, usb=*, web-share=*, xr-spatial-tracking=*, clipboard-read=*, clipboard-write=*, gamepad=*, speaker-selection=*, conversion-measurement=*, focus-without-user-activation=*, hid=*, idle-detection=*, interest-cohort=*, serial=*, sync-script=*, trust-token-redemption=*, unload=*, window-placement=*, vertical-scroll=*`,
 		},
 	}
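Review bot: The rewritten table drops the three cases that pinned the guard behaviour (an existing `Permissions-Policy` header is not overwritten, a nil policy writes nothing, and an empty `PermissionsPolicy{}`), leaving a single happy-path case. The empty-struct case matters most now, because the new `else` branch in addDirective emits `name=()` for every unset field, so that input presumably yields a header disabling every feature rather than `""`. Keep the existing-header and nil cases and update the empty-struct expectation instead of deleting it. A case whose source contains a double quote would also document how quoting is meant to behave. The test function continues outside this hunk.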