| 123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193 |
- package permissionpolicy
- import (
- "fmt"
- "net/http"
- "strings"
- )
- /*
- Permisson Policy
- This is a permission policy header modifier that changes
- the request permission related policy fields
- author: tobychui
- */
- type PermissionsPolicy struct {
- Accelerometer []string `json:"accelerometer"`
- AmbientLightSensor []string `json:"ambient_light_sensor"`
- Autoplay []string `json:"autoplay"`
- Battery []string `json:"battery"`
- Camera []string `json:"camera"`
- CrossOriginIsolated []string `json:"cross_origin_isolated"`
- DisplayCapture []string `json:"display_capture"`
- DocumentDomain []string `json:"document_domain"`
- EncryptedMedia []string `json:"encrypted_media"`
- ExecutionWhileNotRendered []string `json:"execution_while_not_rendered"`
- ExecutionWhileOutOfView []string `json:"execution_while_out_of_viewport"`
- Fullscreen []string `json:"fullscreen"`
- Geolocation []string `json:"geolocation"`
- Gyroscope []string `json:"gyroscope"`
- KeyboardMap []string `json:"keyboard_map"`
- Magnetometer []string `json:"magnetometer"`
- Microphone []string `json:"microphone"`
- Midi []string `json:"midi"`
- NavigationOverride []string `json:"navigation_override"`
- Payment []string `json:"payment"`
- PictureInPicture []string `json:"picture_in_picture"`
- PublicKeyCredentialsGet []string `json:"publickey_credentials_get"`
- ScreenWakeLock []string `json:"screen_wake_lock"`
- SyncXHR []string `json:"sync_xhr"`
- USB []string `json:"usb"`
- WebShare []string `json:"web_share"`
- XRSpatialTracking []string `json:"xr_spatial_tracking"`
- ClipboardRead []string `json:"clipboard_read"`
- ClipboardWrite []string `json:"clipboard_write"`
- Gamepad []string `json:"gamepad"`
- SpeakerSelection []string `json:"speaker_selection"`
- ConversionMeasurement []string `json:"conversion_measurement"`
- FocusWithoutUserActivation []string `json:"focus_without_user_activation"`
- HID []string `json:"hid"`
- IdleDetection []string `json:"idle_detection"`
- InterestCohort []string `json:"interest_cohort"`
- Serial []string `json:"serial"`
- SyncScript []string `json:"sync_script"`
- TrustTokenRedemption []string `json:"trust_token_redemption"`
- Unload []string `json:"unload"`
- WindowPlacement []string `json:"window_placement"`
- VerticalScroll []string `json:"vertical_scroll"`
- }
- // GetDefaultPermissionPolicy returns a PermissionsPolicy struct with all policies set to *
- func GetDefaultPermissionPolicy() *PermissionsPolicy {
- return &PermissionsPolicy{
- Accelerometer: []string{"*"},
- AmbientLightSensor: []string{"*"},
- Autoplay: []string{"*"},
- Battery: []string{"*"},
- Camera: []string{"*"},
- CrossOriginIsolated: []string{"*"},
- DisplayCapture: []string{"*"},
- DocumentDomain: []string{"*"},
- EncryptedMedia: []string{"*"},
- ExecutionWhileNotRendered: []string{"*"},
- ExecutionWhileOutOfView: []string{"*"},
- Fullscreen: []string{"*"},
- Geolocation: []string{"*"},
- Gyroscope: []string{"*"},
- KeyboardMap: []string{"*"},
- Magnetometer: []string{"*"},
- Microphone: []string{"*"},
- Midi: []string{"*"},
- NavigationOverride: []string{"*"},
- Payment: []string{"*"},
- PictureInPicture: []string{"*"},
- PublicKeyCredentialsGet: []string{"*"},
- ScreenWakeLock: []string{"*"},
- SyncXHR: []string{"*"},
- USB: []string{"*"},
- WebShare: []string{"*"},
- XRSpatialTracking: []string{"*"},
- ClipboardRead: []string{"*"},
- ClipboardWrite: []string{"*"},
- Gamepad: []string{"*"},
- SpeakerSelection: []string{"*"},
- ConversionMeasurement: []string{"*"},
- FocusWithoutUserActivation: []string{"*"},
- HID: []string{"*"},
- IdleDetection: []string{"*"},
- InterestCohort: []string{"*"},
- Serial: []string{"*"},
- SyncScript: []string{"*"},
- TrustTokenRedemption: []string{"*"},
- Unload: []string{"*"},
- WindowPlacement: []string{"*"},
- VerticalScroll: []string{"*"},
- }
- }
- // InjectPermissionPolicyHeader inject the permission policy into headers
- func InjectPermissionPolicyHeader(w http.ResponseWriter, policy *PermissionsPolicy) {
- //Keep the original Permission Policy if exists, or there are no policy given
- if policy == nil || w.Header().Get("Permissions-Policy") != "" {
- return
- }
- policyHeader := []string{}
- // Helper function to add policy directives
- addDirective := func(name string, sources []string) {
- if len(sources) > 0 {
- if sources[0] == "*" {
- //Allow all
- policyHeader = append(policyHeader, fmt.Sprintf("%s=%s", name, "*"))
- } else {
- //Other than "self" which do not need double quote, others domain need double quote in place
- formatedSources := []string{}
- for _, source := range sources {
- if source == "self" {
- formatedSources = append(formatedSources, "self")
- } else {
- formatedSources = append(formatedSources, "\""+source+"\"")
- }
- }
- policyHeader = append(policyHeader, fmt.Sprintf("%s=(%s)", name, strings.Join(formatedSources, " ")))
- }
- } else {
- //There are no setting for this field. Assume no permission
- policyHeader = append(policyHeader, fmt.Sprintf("%s=()", name))
- }
- }
- // Add each policy directive to the header
- addDirective("accelerometer", policy.Accelerometer)
- addDirective("ambient-light-sensor", policy.AmbientLightSensor)
- addDirective("autoplay", policy.Autoplay)
- addDirective("battery", policy.Battery)
- addDirective("camera", policy.Camera)
- addDirective("cross-origin-isolated", policy.CrossOriginIsolated)
- addDirective("display-capture", policy.DisplayCapture)
- addDirective("document-domain", policy.DocumentDomain)
- addDirective("encrypted-media", policy.EncryptedMedia)
- addDirective("execution-while-not-rendered", policy.ExecutionWhileNotRendered)
- addDirective("execution-while-out-of-viewport", policy.ExecutionWhileOutOfView)
- addDirective("fullscreen", policy.Fullscreen)
- addDirective("geolocation", policy.Geolocation)
- addDirective("gyroscope", policy.Gyroscope)
- addDirective("keyboard-map", policy.KeyboardMap)
- addDirective("magnetometer", policy.Magnetometer)
- addDirective("microphone", policy.Microphone)
- addDirective("midi", policy.Midi)
- addDirective("navigation-override", policy.NavigationOverride)
- addDirective("payment", policy.Payment)
- addDirective("picture-in-picture", policy.PictureInPicture)
- addDirective("publickey-credentials-get", policy.PublicKeyCredentialsGet)
- addDirective("screen-wake-lock", policy.ScreenWakeLock)
- addDirective("sync-xhr", policy.SyncXHR)
- addDirective("usb", policy.USB)
- addDirective("web-share", policy.WebShare)
- addDirective("xr-spatial-tracking", policy.XRSpatialTracking)
- addDirective("clipboard-read", policy.ClipboardRead)
- addDirective("clipboard-write", policy.ClipboardWrite)
- addDirective("gamepad", policy.Gamepad)
- addDirective("speaker-selection", policy.SpeakerSelection)
- addDirective("conversion-measurement", policy.ConversionMeasurement)
- addDirective("focus-without-user-activation", policy.FocusWithoutUserActivation)
- addDirective("hid", policy.HID)
- addDirective("idle-detection", policy.IdleDetection)
- addDirective("interest-cohort", policy.InterestCohort)
- addDirective("serial", policy.Serial)
- addDirective("sync-script", policy.SyncScript)
- addDirective("trust-token-redemption", policy.TrustTokenRedemption)
- addDirective("unload", policy.Unload)
- addDirective("window-placement", policy.WindowPlacement)
- addDirective("vertical-scroll", policy.VerticalScroll)
- // Join the directives and set the header
- policyHeaderValue := strings.Join(policyHeader, ", ")
- //Inject the new policy into the header
- w.Header().Set("Permissions-Policy", policyHeaderValue)
- }
|
