Add strict Permissions-Policy header #1583
Conversation
🦙 MegaLinter status:
| Descriptor | Linter | Files | Fixed | Errors | Elapsed time |
|---|---|---|---|---|---|
| ✅ EDITORCONFIG | editorconfig-checker | 11 | | 0 | 0.06s |
| ✅ JAVASCRIPT | eslint | 6 | 0 | 0 | 6.01s |
| MARKDOWN | markdownlint | 2 | 0 | 1 | 0.91s |
| ✅ MARKDOWN | markdown-table-formatter | 2 | 0 | 0 | 0.45s |
| ✅ REPOSITORY | checkov | yes | no | | 46.84s |
| ✅ REPOSITORY | git_diff | yes | no | | 0.01s |
| ✅ REPOSITORY | grype | yes | no | | 16.42s |
| ✅ REPOSITORY | trivy-sbom | yes | no | | 4.25s |
| ✅ REPOSITORY | trufflehog | yes | no | | 91.24s |
| ✅ TSX | eslint | 1 | 0 | 0 | 6.1s |
| ✅ TYPESCRIPT | eslint | 2 | 0 | 0 | 6.5s |
See detailed report in MegaLinter reports
Set `VALIDATE_ALL_CODEBASE: true` in mega-linter.yml to validate all sources, not only the diff
internals/getPermissionHeaders.js
Outdated
geolocation=(), | ||
gyroscope=("https://api.sardine.ai"), |
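Review bot: `gyroscope=("https://api.sardine.ai")` grants nothing on its own to the embedded frame: the header only widens the set of origins that may be delegated the feature, and a cross-origin iframe still needs `gyroscope` in its `allow` attribute, which the Transak-documented `allow="camera;microphone;fullscreen;payment"` mentioned in this thread does not include. Note also that an allowlist without `self` disables the feature for the top-level document, and the spec's inherited-policy algorithm then blocks delegation to child frames as well; if the intent is to let the Sardine frame use the gyroscope, the entry should read `gyroscope=(self "https://api.sardine.ai")` and the iframe allow list should be extended deliberately, otherwise `gyroscope=()` states the effective policy more honestly.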
This is annoying for maintenance: Sardine is a dependency of Transak. We won't know when Transak changes their dependencies, or if Sardine started requiring geolocation.
Should we loosen `accelerometer,ambient-light-sensor,camera,encrypted-media,geolocation,gyroscope,magnetometer,microphone,publickey-credentials-get,web-share` to `=*`?
Although Transak docs say to put `allow="camera;microphone;fullscreen;payment"` on the iframe, so it's already further restricted 🤷
I would say loosen, to avoid maintenance problems.
Codecov Report
```diff
@@            Coverage Diff             @@
##           master    #1583      +/-   ##
==========================================
+ Coverage   83.01%   83.10%   +0.08%
==========================================
  Files         157      155       -2
  Lines        4069     4054      -15
  Branches      729      728       -1
==========================================
- Hits         3378     3369       -9
+ Misses        691      685       -6
```
Flags with carried forward coverage won't be shown. Click here to find out more.
Deploying with Cloudflare Pages
8ed5ec1 to 84b30f3
Currently we have `Permissions-Policy: usb=*` deployed (equal to nothing).
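To make the trade-off discussed in the review thread concrete (an origin-specific allowlist such as the Sardine entry versus `*`, and the separate role of the iframe `allow` attribute), here is a small model of how a `Permissions-Policy` header and an `allow` attribute combine for one child frame. It is an added example, not the project's `getPermissionHeaders.js`; the origins `https://app.example` and `https://widget.example` are constructed, and it assumes every feature checked has the `'self'` default allowlist (true for geolocation, gyroscope, camera and microphone).

```javascript
// Added example, not code from the project. Assumptions: features have the
// 'self' default allowlist; origins are compared as plain strings; an
// allow-attribute entry delegates to the frame's own origin (the 'src' default).

// Parse "feature=*", "feature=()" or 'feature=(self "https://x")' entries.
function parsePermissionsPolicy(header) {
  const policy = new Map();
  for (const entry of header.split(",")) {
    const m = entry.trim().match(/^([a-z-]+)=(\*|\((.*)\))$/);
    if (!m) throw new Error(`unparseable entry: ${entry.trim()}`);
    if (m[2] === "*") { policy.set(m[1], "*"); continue; }
    const body = m[3].trim();
    // Allowlist members are quoted origins or the bare token self.
    policy.set(m[1], body === "" ? [] : body.split(/\s+/).map((t) => t.replace(/^"|"$/g, "")));
  }
  return policy;
}

// Does an allowlist ("*" or an array of origins / "self") match origin?
function allowlistMatches(allowlist, origin, selfOrigin) {
  if (allowlist === "*") return true;
  return allowlist.some((o) => (o === "self" ? origin === selfOrigin : o === origin));
}

// "Is feature enabled in document for origin?": a declared allowlist wins,
// otherwise the 'self' default applies.
function enabledInDocument(policy, feature, origin, selfOrigin) {
  if (policy.has(feature)) return allowlistMatches(policy.get(feature), origin, selfOrigin);
  return origin === selfOrigin;
}

// Inherited policy for a direct child frame, following the spec's
// inherited-policy steps: the header must enable the feature for the
// parent's own origin and for the child's origin, and a cross-origin frame
// only receives a 'self'-default feature if the allow attribute names it.
function delegatedToFrame(header, feature, selfOrigin, childOrigin, allowAttr) {
  const policy = parsePermissionsPolicy(header);
  if (!enabledInDocument(policy, feature, selfOrigin, selfOrigin)) return false;
  if (!enabledInDocument(policy, feature, childOrigin, selfOrigin)) return false;
  const named = allowAttr.split(";").map((s) => s.trim().split(/\s+/)[0]).filter(Boolean);
  return named.includes(feature) || childOrigin === selfOrigin;
}

// Constructed scenario from the thread: the PR's gyroscope entry combined
// with the Transak-documented allow attribute. The Sardine origin is named
// in the header, yet the frame never gets the feature.
const TRANSAK_ALLOW = "camera;microphone;fullscreen;payment";
console.log(delegatedToFrame('gyroscope=("https://api.sardine.ai")', "gyroscope",
  "https://app.example", "https://api.sardine.ai", TRANSAK_ALLOW)); // false
```

Swapping the header for `gyroscope=(self "https://api.sardine.ai")` passes the header checks but still returns false until `gyroscope` is added to the iframe's `allow` attribute, which is why the header entry alone buys no functionality while still costing maintenance.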