Package io.camunda.security.configuration.headers

Class PermissionsPolicyConfig

java.lang.Object

io.camunda.security.configuration.headers.PermissionsPolicyConfig

public class PermissionsPolicyConfig
extends Object

Configures Permissions-Policy header to control browser feature access.

Permissions Policy (formerly Feature Policy) allows fine-grained control over which browser features and APIs can be used in a document or iframe. This helps: - Improve privacy by disabling unnecessary sensors/APIs - Enhance security by limiting attack surface - Enforce best practices by preventing use of legacy APIs - Improve performance by disabling unused features

The policy is not set by default, allowing applications to define policies based on their specific needs. Common uses include: - Disabling geolocation, camera, microphone for privacy - Preventing payment APIs on non-payment pages - Disabling legacy features like document-write - Restricting autoplay to improve user experience

Example policies: - "geolocation=(), camera=(), microphone=()" - Disable sensors - "payment=(self)" - Only allow payments on same origin - "accelerometer=() gyroscope=() magnetometer=()" - Disable motion sensors

See Also:

• MDN: Permissions-Policy
• MDN: Permissions Policy Guide
• Permissions Policy Generator

Field Summary

Fields

Modifier and Type	Field	Description
static final String	DEFAULT_PERMISSIONS_POLICY_VALUE

Constructor Summary

Constructors

Constructor	Description
PermissionsPolicyConfig()

Method Summary

Modifier and Type	Method	Description
String	getValue()
void	setValue(String value)

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Details

DEFAULT_PERMISSIONS_POLICY_VALUE

public static final String DEFAULT_PERMISSIONS_POLICY_VALUE

See Also:

• Constant Field Values

Constructor Details

PermissionsPolicyConfig

public PermissionsPolicyConfig()

Method Details

getValue

public String getValue()

setValue

public void setValue(String value)