From 6e0ed8522a5fd70b6b2f799b6eba52705d4bfe1e Mon Sep 17 00:00:00 2001
From: Tommy <contact@tommytran.io>
Date: Tue, 29 Aug 2023 05:20:28 -0700
Subject: [PATCH] Do not replace upstream permission policies

Signed-off-by: Tommy <contact@tommytran.io>
---
 Caddyfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Caddyfile b/Caddyfile
index 6d39954..f844cdb 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -30,7 +30,7 @@
       # log, so that fail2ban can ban the correct IP.
       header_up X-Real-IP {remote_host}
       header_down Strict-Transport-Security "max-age=63072000; includeSubdomains; preload"
-      header_down Permissions-Policy "accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), clipboard-read=(), display-capture=(), document-domain=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), hid=(), idle-detection=(), interest-cohort=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), screen-wake-lock=(), serial=(), usb=(), sync-xhr=(), xr-spatial-tracking=()"
+      header_down +Permissions-Policy "hid=(), idle-detection=(), interest-cohort=(), serial=()"
       header_down +Content-Security-Policy "upgrade-insecure-requests; block-all-mixed-content; base-uri 'none'"
       header_down X-XSS-Protection "0"
       header_down Cross-Origin-Opener-Policy same-origin