Merge pull request #468 from Baroshem/chore/2.0.0-rc.6

vejja · web-flow · commit c6891f439dc5 · 2024-05-31T17:06:33.000+02:00
Chore/2.0.0-rc.6
diff --git a/docs/content/1.documentation/2.headers/2.permissions-policy.md b/docs/content/1.documentation/2.headers/2.permissions-policy.md
@@ -57,7 +57,7 @@ export default defineNuxtConfig({
 By default, Nuxt Security will set following value for this header.
 
 ```http
-Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=();
+Permissions-Policy: accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()
 ```
 
 ## Available values
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "nuxt-security",
-  "version": "2.0.0-rc.5",
+  "version": "2.0.0-rc.6",
   "license": "MIT",
   "type": "module",
   "homepage": "https://nuxt-security.vercel.app",
diff --git a/src/defaultConfig.ts b/src/defaultConfig.ts
@@ -39,32 +39,52 @@ export const defaultSecurityConfig = (serverlUrl: string): ModuleOptions => ({
     xXSSProtection: '0',
     permissionsPolicy: {
       accelerometer: [],
+      /* Disable OWASP Experimental values
       'ambient-light-sensor':[],
+      */
       autoplay:[],
+      /* Disable OWASP Experimental values
       battery:[],
+      */
       camera:[],
       'display-capture':[],
+      /* Disable OWASP Experimental values
       'document-domain':[],
+      */
       'encrypted-media':[],
       fullscreen:[],
+      /* Disable OWASP Experimental values
       gamepad:[],
+      */
       geolocation:[],
       gyroscope:[],
+      /* Disable OWASP Experimental values
       'layout-animations':['self'],
+      */
+      /* Disable OWASP Experimental values
       'legacy-image-formats':['self'],
+      */
       magnetometer:[],
       microphone:[],
       midi:[],
+      /* Disable OWASP Experimental values
       'oversized-images':['self'],
+      */
       payment:[],
       'picture-in-picture':[],
       'publickey-credentials-get':[],
+      'screen-wake-lock':[],
+      /* Disable OWASP Experimental values
       'speaker-selection':[],
+      */
       'sync-xhr':['self'],
+      /* Disable OWASP Experimental values
       'unoptimized-images':['self'],
+      */
+      /* Disable OWASP Experimental values
       'unsized-media':['self'],
+      */
       usb:[],
-      'screen-wake-lock':[],
       'web-share':[],
       'xr-spatial-tracking':[]
     }
diff --git a/test/headers.test.ts b/test/headers.test.ts
@@ -92,7 +92,7 @@ describe('[nuxt-security] Headers', async () => {
     const ppHeaderValue = headers.get('permissions-policy')
 
     expect(ppHeaderValue).toBeTruthy()
-    expect(ppHeaderValue).toBe('accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), layout-animations=(self), legacy-image-formats=(self), magnetometer=(), microphone=(), midi=(), oversized-images=(self), payment=(), picture-in-picture=(), publickey-credentials-get=(), speaker-selection=(), sync-xhr=(self), unoptimized-images=(self), unsized-media=(self), usb=(), screen-wake-lock=(), web-share=(), xr-spatial-tracking=()')
+    expect(ppHeaderValue).toBe('accelerometer=(), autoplay=(), camera=(), display-capture=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(self), usb=(), web-share=(), xr-spatial-tracking=()')
   })
 
   it('has `referrer-policy` header set with correct default value', async () => {
diff --git a/test/perRoute.test.ts b/test/perRoute.test.ts

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "nuxt-security",`
`3`		`- "version": "2.0.0-rc.5",`
	`3`	`+ "version": "2.0.0-rc.6",`
`4`	`4`	`"license": "MIT",`
`5`	`5`	`"type": "module",`
`6`	`6`	`"homepage": "https://nuxt-security.vercel.app",`