From 88e94e5f98b9883f23defc926a8c128e19074466 Mon Sep 17 00:00:00 2001
From: martincostello
Date: Sun, 29 Jul 2018 11:18:08 +0100
Subject: [PATCH 1/2] Fix VS Code launch configuration

Fix the VS Code launch configuration since it was broken by #211.
---
 .vscode/launch.json | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.vscode/launch.json b/.vscode/launch.json
index d1059ecb..74d3685b 100644
--- a/.vscode/launch.json
+++ b/.vscode/launch.json
@@ -10,7 +10,7 @@
 "request": "launch",
 "preLaunchTask": "build",
 // If you have changed target frameworks, make sure to update the program path.
- "program": "${workspaceRoot}/src/Website/bin/Debug/netcoreapp2.0/Website.dll",
+ "program": "${workspaceRoot}/src/Website/bin/Debug/netcoreapp2.1/Website.dll",
 "args": [],
 "cwd": "${workspaceRoot}/src/Website",
 "stopAtEntry": false,

From f9398975c81076f2d2e722b0377884010a8331ca Mon Sep 17 00:00:00 2001
From: martincostello
Date: Sun, 29 Jul 2018 11:22:44 +0100
Subject: [PATCH 2/2] Implement Feature-Policy HTTP header

Return the Feature-Policy HTTP response header with the same Feature-Policy as Scott Helme's blog.
---
 src/Website/Middleware/CustomHttpHeadersMiddleware.cs | 1 +
 tests/Website.Tests/Integration/ResourceTests.cs | 1 +
 2 files changed, 2 insertions(+)

diff --git a/src/Website/Middleware/CustomHttpHeadersMiddleware.cs b/src/Website/Middleware/CustomHttpHeadersMiddleware.cs
index 2919afaa..47db1c1e 100644
--- a/src/Website/Middleware/CustomHttpHeadersMiddleware.cs
+++ b/src/Website/Middleware/CustomHttpHeadersMiddleware.cs
@@ -103,6 +103,7 @@ public Task Invoke(HttpContext context)
 context.Response.Headers.Add("Content-Security-Policy", _contentSecurityPolicy);
 context.Response.Headers.Add("Content-Security-Policy-Report-Only", _contentSecurityPolicyReportOnly);
+ context.Response.Headers.Add("Feature-Policy", "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'");
 context.Response.Headers.Add("Referrer-Policy", "no-referrer-when-downgrade");
 context.Response.Headers.Add("X-Content-Type-Options", "nosniff");
 context.Response.Headers.Add("X-Download-Options", "noopen");
diff --git a/tests/Website.Tests/Integration/ResourceTests.cs b/tests/Website.Tests/Integration/ResourceTests.cs
index 66eba947..7641abc9 100644
--- a/tests/Website.Tests/Integration/ResourceTests.cs
+++ b/tests/Website.Tests/Integration/ResourceTests.cs
@@ -116,6 +116,7 @@ public async Task Response_Headers_Contains_Expected_Headers()
 {
 "content-security-policy",
 "content-security-policy-report-only",
+ "feature-policy",
 "Referrer-Policy",
 "X-Content-Type-Options",
 "X-Datacenter",
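Review bot: The Feature-Policy value on the added line is an inline literal, whereas the two Content-Security-Policy headers immediately above it are read from the `_contentSecurityPolicy` and `_contentSecurityPolicyReportOnly` fields, so this is now the one place in the block where the policy text and the header plumbing are mixed. Lifting it to a named constant, `private const string FeaturePolicy = "accelerometer 'none'; camera 'none'; …";`, with a one-line comment stating that every listed feature is disabled for all origins including the site's own, keeps the policy reviewable next to the CSP definitions and gives a single spot to add the later-standardised successor header, Permissions-Policy, which uses a different value syntax. The directive list itself reads correctly for the Feature-Policy grammar. Invoke's body starts and ends outside the hunk.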
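Review bot: The added `"feature-policy"` entry only asserts that a header of that name is present, so a regression that sends the header empty or with a weakened directive list still passes; given that the commit message describes a specific policy, a value assertion such as `Assert.Equal("accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'", response.Headers.GetValues("Feature-Policy").Single());` (variable name assumed) would pin it. The new entry follows the lower-case style of the two content-security-policy entries rather than the canonical casing of `"Referrer-Policy"` beneath it; header lookups are case-insensitive so this is cosmetic, but the list is now split between two conventions. Response_Headers_Contains_Expected_Headers begins before the hunk and the collection being initialised is not visible, so whether an existing value-checking helper is available cannot be told from here.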