Add permissions policy

Jake Howard 2022-10-30 19:12:26 +00:00
parent d809890b0f
commit 01d78a7378
Signed by: jake
GPG key ID: 57AFB45680EDD477
3 changed files with 37 additions and 1 deletions

17
poetry.lock generated

@ -318,6 +318,17 @@ Django = "*"
[package.extras] [package.extras]
testing = ["django-modelcluster"] testing = ["django-modelcluster"]
[[package]]
name = "django-permissions-policy"
version = "4.13.0"
description = "Set the draft security HTTP header Permissions-Policy (previously Feature-Policy) on your Django app."
category = "main"
optional = false
python-versions = ">=3.7"
[package.dependencies]
Django = ">=3.2"
[[package]] [[package]]
name = "django-plausible" name = "django-plausible"
version = "0.4.0" version = "0.4.0"
@ -1387,7 +1398,7 @@ testing = ["flake8 (<5)", "func-timeout", "jaraco.functools", "jaraco.itertools"
[metadata] [metadata]
lock-version = "1.1" lock-version = "1.1"
python-versions = "^3.10" python-versions = "^3.10"
content-hash = "8d2f240eaa055939613b5fcd9f364df73c8488de9fe3aa9e68c691ff7ad7c3d5" content-hash = "24f28337794e9b5a60a33b8993b98de7815fdc9603d8ffc6cb258ee56c29f996"
[metadata.files] [metadata.files]
anyascii = [ anyascii = [
@ -1621,6 +1632,10 @@ django-permissionedforms = [
{file = "django-permissionedforms-0.1.tar.gz", hash = "sha256:4340bb20c4477fffb13b4cc5cccf9f1b1010b64f79956c291c72d2ad2ed243f8"}, {file = "django-permissionedforms-0.1.tar.gz", hash = "sha256:4340bb20c4477fffb13b4cc5cccf9f1b1010b64f79956c291c72d2ad2ed243f8"},
{file = "django_permissionedforms-0.1-py2.py3-none-any.whl", hash = "sha256:d341a961a27cc77fde8cc42141c6ab55cc1f0cb886963cc2d6967b9674fa47d6"}, {file = "django_permissionedforms-0.1-py2.py3-none-any.whl", hash = "sha256:d341a961a27cc77fde8cc42141c6ab55cc1f0cb886963cc2d6967b9674fa47d6"},
] ]
django-permissions-policy = [
{file = "django-permissions-policy-4.13.0.tar.gz", hash = "sha256:c340f822de6ea48888b8620214f98f516c53501d0f54de53d172715ab94e0da2"},
{file = "django_permissions_policy-4.13.0-py3-none-any.whl", hash = "sha256:2c9aa83a7bb49d32f9bb77384d3fcf81b141f18df3c2bcf8810a154860a22e63"},
]
django-plausible = [ django-plausible = [
{file = "django-plausible-0.4.0.tar.gz", hash = "sha256:0e8b90504807812f7416265d5e42377e1bf0cf102610abf4b4331d1f1bcc9383"}, {file = "django-plausible-0.4.0.tar.gz", hash = "sha256:0e8b90504807812f7416265d5e42377e1bf0cf102610abf4b4331d1f1bcc9383"},
{file = "django_plausible-0.4.0-py3-none-any.whl", hash = "sha256:c81e0ba88fa476f435ec907a5d7eda9848495e725789c23b62c926eace215bf5"}, {file = "django_plausible-0.4.0-py3-none-any.whl", hash = "sha256:c81e0ba88fa476f435ec907a5d7eda9848495e725789c23b62c926eace215bf5"},


@ -38,6 +38,7 @@ django-cors-headers = "^3.13.0"
uritemplate = "^4.1.1" uritemplate = "^4.1.1"
PyYAML = "^6.0" PyYAML = "^6.0"
django-csp = "^3.7" django-csp = "^3.7"
django-permissions-policy = "^4.13.0"
[tool.poetry.group.dev.dependencies] [tool.poetry.group.dev.dependencies]


@ -104,6 +104,7 @@ MIDDLEWARE = [
"wagtail.contrib.redirects.middleware.RedirectMiddleware", "wagtail.contrib.redirects.middleware.RedirectMiddleware",
"django_htmx.middleware.HtmxMiddleware", "django_htmx.middleware.HtmxMiddleware",
"csp.middleware.CSPMiddleware", "csp.middleware.CSPMiddleware",
"django_permissions_policy.PermissionsPolicyMiddleware",
] ]
ROOT_URLCONF = "website.urls" ROOT_URLCONF = "website.urls"
@ -392,6 +393,25 @@ SESSION_COOKIE_HTTPONLY = True
SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https") SECURE_PROXY_SSL_HEADER = ("HTTP_X_FORWARDED_PROTO", "https")
PERMISSIONS_POLICY = {
"accelerometer": [],
"ambient-light-sensor": [],
"autoplay": [],
"camera": [],
"display-capture": [],
"document-domain": [],
"encrypted-media": [],
"fullscreen": [],
"geolocation": [],
"gyroscope": [],
"interest-cohort": [],
"magnetometer": [],
"microphone": [],
"midi": [],
"payment": [],
"usb": [],
}
if not DEBUG: if not DEBUG:
SECURE_HSTS_SECONDS = 2592000 # 30 days SECURE_HSTS_SECONDS = 2592000 # 30 days
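Review bot: The new `PERMISSIONS_POLICY` dict at the end of this section carries no comment explaining that an empty list denies the feature to every origin, the site's own pages included, so `"fullscreen": []` and `"autoplay": []` would presumably also stop embedded players and first-party media from using them; it is worth confirming that nothing on the site relies on either. I would add above the dict `# Empty allowlist = feature disabled for all origins, including self; features not listed keep the browser default.` A reader may otherwise take the list for a complete lockdown, while any feature not named here is left untouched. The settings module continues outside the hunk, so whether another setting overrides this cannot be seen from here.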