From 5e07faacbd8deb5d475f84503173586a1179ff2e Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@previousnext.com.au>
Date: Tue, 10 Sep 2024 14:45:20 +1000
Subject: [PATCH 1/3] Replace deprecated Feature-Policy header with
 Permissions-Policy

---
 base/etc/nginx/conf.d/header/permissions.conf | 1 +
 1 file changed, 1 insertion(+)
 create mode 100644 base/etc/nginx/conf.d/header/permissions.conf

diff --git a/base/etc/nginx/conf.d/header/permissions.conf b/base/etc/nginx/conf.d/header/permissions.conf
new file mode 100644
index 0000000..85112f8
--- /dev/null
+++ b/base/etc/nginx/conf.d/header/permissions.conf
@@ -0,0 +1 @@
+add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), microphone=(), payment=(), usb=()";

From 6414ba8770205292bda8300e7917b6ca2edfbb6b Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@previousnext.com.au>
Date: Tue, 10 Sep 2024 14:46:23 +1000
Subject: [PATCH 2/3] Remove feature policy header

---
 base/etc/nginx/conf.d/header/feature.conf | 3 ---
 1 file changed, 3 deletions(-)
 delete mode 100644 base/etc/nginx/conf.d/header/feature.conf

diff --git a/base/etc/nginx/conf.d/header/feature.conf b/base/etc/nginx/conf.d/header/feature.conf
deleted file mode 100644
index 39ecf7d..0000000
--- a/base/etc/nginx/conf.d/header/feature.conf
+++ /dev/null
@@ -1,3 +0,0 @@
-# Feature Policy will allow a site to enable or disable certain browser features and APIs in the interest of better security and privacy.
-# https://scotthelme.co.uk/a-new-security-header-feature-policy
-add_header Feature-Policy "geolocation 'none'; midi 'none'; notifications 'none'; push 'none'; microphone 'none'; camera 'none'; magnetometer 'none'; gyroscope 'none'; speaker 'self'; vibrate 'none'; fullscreen 'self'; payment 'none';";

From f49e26bb469b4d01e6058bbac252f764f1a5614c Mon Sep 17 00:00:00 2001
From: Kim Pepper <kim@previousnext.com.au>
Date: Wed, 11 Sep 2024 13:36:22 +1000
Subject: [PATCH 3/3] Override feature conf

---
 base/etc/nginx/conf.d/header/feature.conf     | 1 +
 base/etc/nginx/conf.d/header/permissions.conf | 1 -
 2 files changed, 1 insertion(+), 1 deletion(-)
 create mode 100644 base/etc/nginx/conf.d/header/feature.conf
 delete mode 100644 base/etc/nginx/conf.d/header/permissions.conf

diff --git a/base/etc/nginx/conf.d/header/feature.conf b/base/etc/nginx/conf.d/header/feature.conf
new file mode 100644
index 0000000..7145c7e
--- /dev/null
+++ b/base/etc/nginx/conf.d/header/feature.conf
@@ -0,0 +1 @@
+add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), usb=()";
diff --git a/base/etc/nginx/conf.d/header/permissions.conf b/base/etc/nginx/conf.d/header/permissions.conf
deleted file mode 100644
index 85112f8..0000000
--- a/base/etc/nginx/conf.d/header/permissions.conf
+++ /dev/null
@@ -1 +0,0 @@
-add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), microphone=(), payment=(), usb=()";