From a72f55dccdf82a4cfa93af8e33d31ff6c652c2c8 Mon Sep 17 00:00:00 2001
From: Rajesh Paul <rajesh.paul@progress.com>
Date: Tue, 23 Nov 2021 16:07:13 +0530
Subject: [PATCH] add permission policy for nginx to block camera and payment

Signed-off-by: Rajesh Paul <rajesh.paul@progress.com>
---
 omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb | 1 +
 1 file changed, 1 insertion(+)

diff --git a/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb b/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb
index 87e15838e..669d89285 100644
--- a/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb
+++ b/omnibus/cookbooks/omnibus-supermarket/templates/nginx.conf.erb
@@ -39,6 +39,7 @@ http {
   server_tokens off;
   more_clear_headers Server;
   add_header X-Clacks-Overhead "GNU Terry Pratchett";
+  add_header Permissions-Policy "camera 'none'; payment 'none';";
 
   sendfile <%= @nginx['sendfile'] %>;
   tcp_nopush on;