From f6424dc6a70c598d581743113ef292d7e6487077 Mon Sep 17 00:00:00 2001
From: terminaldweller <thabogre@gmail.com>
Date: Mon, 28 Mar 2022 23:08:44 +0430
Subject: added feature-policy to nginx

---
 spring-front/nginx.conf | 1 +
 1 file changed, 1 insertion(+)

diff --git a/spring-front/nginx.conf b/spring-front/nginx.conf
index cea4a92..db1eea9 100644
--- a/spring-front/nginx.conf
+++ b/spring-front/nginx.conf
@@ -22,6 +22,7 @@ http {
     add_header X-Content-Type-Options "nosniff" always;
     add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
     add_header Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' unpkg.com; style-src 'self' 'unsafe-inline' unpkg.com";
+    add_header Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker none;vibrate none;fullscreen self;payment none;";
     add_header X-Frame-Options SAMEORIGIN always;
     add_header X-XSS-Protection "1; mode=block" always;
     fastcgi_hide_header X-Powered-By;
-- 
cgit v1.2.3