fix: permissions policy

Baroshem · Baroshem · commit 9861e61d6d1f · 2023-10-15T16:21:05.000+02:00
diff --git a/docs/content/1.documentation/1.getting-started/2.configuration.md b/docs/content/1.documentation/1.getting-started/2.configuration.md
@@ -66,11 +66,11 @@ security: {
     xPermittedCrossDomainPolicies: 'none',
     xXSSProtection: '0',
     permissionsPolicy: {
-      camera: ['()'],
-      'display-capture': ['()'],
-      fullscreen: ['()'],
-      geolocation: ['()'],
-      microphone: ['()']
+      camera: [],
+      'display-capture': [],
+      fullscreen: [],
+      geolocation: [],
+      microphone: []
     }
   },
   requestSizeLimiter: {
diff --git a/docs/content/1.documentation/1.getting-started/3.usage.md b/docs/content/1.documentation/1.getting-started/3.usage.md
@@ -96,9 +96,6 @@ experimental: {
 
 ::
 
-
-
-
 ## Disabling functionality
 
 To disable certain middleware or headers, follow this pattern:
diff --git a/docs/content/1.documentation/2.headers/2.permissions-policy.md b/docs/content/1.documentation/2.headers/2.permissions-policy.md
@@ -36,7 +36,19 @@ export default defineNuxtConfig({
 })
 ```
 
-You can also disable this header by `permissionsPolicy: false`.
+You can also disable this header by setting `permissionsPolicy: false`. To disable certain API completely, set its value to empty array like:
+
+```ts
+export default defineNuxtConfig({
+  security: {
+    headers: {
+      permissionsPolicy: {
+        'camera': [] // This will block usage of camera by this website
+      },
+    },
+  },
+})
+```
 
 ## Default value
 
diff --git a/src/defaultConfig.ts b/src/defaultConfig.ts
@@ -31,11 +31,11 @@ export const defaultSecurityConfig = (serverlUrl: string): ModuleOptions => ({
     xPermittedCrossDomainPolicies: 'none',
     xXSSProtection: '0',
     permissionsPolicy: {
-      camera: ['()'],
-      'display-capture': ['()'],
-      fullscreen: ['()'],
-      geolocation: ['()'],
-      microphone: ['()']
+      camera: [],
+      'display-capture': [],
+      fullscreen: [],
+      geolocation: [],
+      microphone: []
     }
   },
   requestSizeLimiter: {
diff --git a/src/headers.ts b/src/headers.ts
@@ -41,7 +41,7 @@ const headerValueMappers = {
     })
       .filter(Boolean).join('; ')
   },
-  permissionsPolicy: (value: PermissionsPolicyValue) => Object.entries(value).map(([directive, sources]) => (sources as string[])?.length && `${directive}=${(sources as string[]).join(' ')}`).filter(Boolean).join(', ')
+  permissionsPolicy: (value: PermissionsPolicyValue) => Object.entries(value).map(([directive, sources]) => `${directive}=(${(sources as string[]).join(' ')})`).filter(Boolean).join(', ')
 }
 
 export const getHeaderValueFromOptions = <T>(headerType: HeaderMapper, headerOptions: any) => {

Original file line number	Diff line number	Diff line change
`@@ -41,7 +41,7 @@ const headerValueMappers = {`
`41`	`41`	`})`
`42`	`42`	`.filter(Boolean).join('; ')`
`43`	`43`	`},`
`44`		- permissionsPolicy: (value: PermissionsPolicyValue) => Object.entries(value).map(([directive, sources]) => (sources as string[])?.length && `${directive}=${(sources as string[]).join(' ')}`).filter(Boolean).join(', ')
	`44`	+ permissionsPolicy: (value: PermissionsPolicyValue) => Object.entries(value).map(([directive, sources]) => `${directive}=(${(sources as string[]).join(' ')})`).filter(Boolean).join(', ')
`45`	`45`	`}`
`46`	`46`
`47`	`47`	`export const getHeaderValueFromOptions = <T>(headerType: HeaderMapper, headerOptions: any) => {`