@jackdbd/eleventy-plugin-permissions-policy
Eleventy plugin that writes Permissions-Policy and Feature-Policy headers to a _headers file when Eleventy builds your site.
Installation
npm install @jackdbd/eleventy-plugin-permissions-policy
⚠️ Peer DependenciesThis package defines 2 peer dependencies.
| Peer | Version range |
|---|---|
@11ty/eleventy |
>=2.0.0 or 3.0.0-alpha.4 |
debug |
>=4.0.0 |
About
Hosting providers like Cloudflare Pages and Netlify allow to define custom response headers in a plain text file called _headers. This file must be placed in the publish directory of your site (e.g. usually _site for a Eleventy site).
This plugin allows you to define a Permissions-Policy or a Feature-Policy header in your Eleventy configuration file, and then it automatically writes those headers into your _headers file when you build your site.
Docs
📖 API Docs
This project uses API Extractor and api-documenter markdown to generate a bunch of markdown files and a
.d.tsrollup file containing all type definitions consolidated into a single file. I don't find this.d.tsrollup file particularly useful. On the other hand, the markdown files that api-documenter generates are quite handy when reviewing the public API of this project.See Generating API docs if you want to know more.
Usage
In your Eleventy config file:
import { permissionsPolicyPlugin } from '@jackdbd/eleventy-plugin-permissions-policy'
export default function (eleventyConfig) {
// some eleventy configuration...
eleventyConfig.addPlugin(permissionsPolicyPlugin, {
directives: [
{ feature: 'autoplay', allowlist: ['*'] },
{ feature: 'geolocation', allowlist: ['self'] },
{ feature: 'camera', allowlist: ['self', 'https://trusted-site.example'] },
{ feature: 'fullscreen', allowlist: [] }
],
includeFeaturePolicy: true
})
// some more eleventy configuration...
}Configuration
Read these resources to understand how to configure the Permissions-Policy and the Feature-Policy HTTP response headers.
- A new security header: Feature Policy
- Goodbye Feature Policy and hello Permissions Policy!
- Permissions Policy Explainer
- Policy Controlled Features
- Controlling browser features with Permissions Policy
Plugin options
| Key | Default | Description |
|---|---|---|
directives |
[] |
Permissions-Policy directives. |
excludePatterns |
[] |
Files that match these patterns will not be served with the Permissions-Policy header (nor with the Feature-Policy header, if generated). |
includeFeaturePolicy |
true |
Whether to generate also a Feature-Policy header. |
includePatterns |
`[ | |
| "/", | ||
| "/*/" | ||
| ]` | Files that match these patterns will be served with the Permissions-Policy header (and also with the Feature-Policy header, if generated). | |
jsonRecap |
false |
Permissions-Policy directive
| Key | Default | Description |
|---|---|---|
allowlist |
undefined |
A set of origins and/or special values (*, none, self, src). |
feature |
undefined |
A policy-controlled feature is an API or behaviour which can be enabled or disabled in a document by referring to it in a permissions policy. |
Troubleshooting
This plugin uses the debug library for logging.
You can control what's logged using the DEBUG environment variable.
For example, if you set your environment variables in a .envrc file, you can do:
# print all logging statements
export DEBUG=11ty-plugin:*Dependencies
| Package | Version |
|---|---|
| zod | ^3.22.4 |
| zod-validation-error | ^3.0.0 |
License
© 2022 - 2024 Giacomo Debidda // MIT License