Merge pull request #222 from martincostello/feature-policy

Add Feature-Policy HTTP header

.vscode/launch.json

@@ -10,7 +10,7 @@
             "request": "launch",
             "preLaunchTask": "build",
             // If you have changed target frameworks, make sure to update the program path.
-            "program": "${workspaceRoot}/src/Website/bin/Debug/netcoreapp2.0/Website.dll",
+            "program": "${workspaceRoot}/src/Website/bin/Debug/netcoreapp2.1/Website.dll",
             "args": [],
             "cwd": "${workspaceRoot}/src/Website",
             "stopAtEntry": false,

src/Website/Middleware/CustomHttpHeadersMiddleware.cs

@@ -103,6 +103,7 @@ public Task Invoke(HttpContext context)
 
                     context.Response.Headers.Add("Content-Security-Policy", _contentSecurityPolicy);
                     context.Response.Headers.Add("Content-Security-Policy-Report-Only", _contentSecurityPolicyReportOnly);
+                    context.Response.Headers.Add("Feature-Policy", "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'");
                     context.Response.Headers.Add("Referrer-Policy", "no-referrer-when-downgrade");
                     context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
                     context.Response.Headers.Add("X-Download-Options", "noopen");

tests/Website.Tests/Integration/ResourceTests.cs

@@ -116,6 +116,7 @@ public async Task Response_Headers_Contains_Expected_Headers()
             {
                 "content-security-policy",
                 "content-security-policy-report-only",
+                "feature-policy",
                 "Referrer-Policy",
                 "X-Content-Type-Options",
                 "X-Datacenter",