Investigate setting Permissions-Policy HTTP headers #2298

tas50 · 2021-10-14T22:59:30Z

Investigate setting Permissions-Policy in Supermarket. This is possible in Rails 6.1, but it may need to be done in Nginx. We should probably disable camera and payment to start since those are 100% not used by Supermarket.

https://blog.saeloun.com/2019/10/01/rails-6-1-adds-http-feature-policy.html

RajeshPaul38 · 2021-11-22T12:22:29Z

similar requirement in this PR: https://github.com/chef/chef-manage/pull/1227

tas50 added Status: Untriaged An issue that has yet to be triaged. Aspect: Security Can an unwanted third party affect the stability or look at privileged information? and removed Status: Untriaged An issue that has yet to be triaged. labels Oct 14, 2021

RajeshPaul38 self-assigned this Nov 18, 2021

RajeshPaul38 mentioned this issue Nov 23, 2021

Add permission policy for nginx to block camera and payment #2394

Merged

5 tasks

RajeshPaul38 linked a pull request Dec 6, 2021 that will close this issue

Removed gem: ruby-filemagic; replaced with built in ruby module: IO #2424

Merged

5 tasks

saghoshprogress closed this as completed in #2424 Dec 16, 2021

RajeshPaul38 removed a link to a pull request Dec 16, 2021

Removed gem: ruby-filemagic; replaced with built in ruby module: IO #2424

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Investigate setting Permissions-Policy HTTP headers #2298

Investigate setting Permissions-Policy HTTP headers #2298

tas50 commented Oct 14, 2021

RajeshPaul38 commented Nov 22, 2021

Investigate setting Permissions-Policy HTTP headers #2298

Investigate setting Permissions-Policy HTTP headers #2298

Comments

tas50 commented Oct 14, 2021

RajeshPaul38 commented Nov 22, 2021