readthedocs · davidfischer · May 11, 2021 · Apr 29, 2021 · ericholscher · Apr 29, 2021
diff --git a/dockerfiles/nginx/proxito.conf b/dockerfiles/nginx/proxito.conf
@@ -66,6 +66,8 @@ server {
         add_header Cache-Tag $cache_tag always;
         set $referrer_policy $upstream_http_referrer_policy;
         add_header Referrer-Policy $referrer_policy always;
+        set $permissions_policy $upstream_http_permissions_policy;
+        add_header Permissions-Policy $permissions_policy always;
     }
 
     # Serve 404 pages here

diff --git a/readthedocs/settings/base.py b/readthedocs/settings/base.py
@@ -99,6 +99,12 @@ class CommunityBaseSettings(Settings):
         "/admin/",
     )
 
+    # Permissions Policy
+    # https://github.com/adamchainz/django-permissions-policy
+    PERMISSIONS_POLICY = {
+        "interest-cohort": [],
+    }
+
     # Read the Docs
     READ_THE_DOCS_EXTENSIONS = ext
     RTD_LATEST = 'latest'
@@ -228,6 +234,7 @@ def USE_PROMOS(self):  # noqa
         'corsheaders.middleware.CorsMiddleware',
         'csp.middleware.CSPMiddleware',
         'readthedocs.core.middleware.ReferrerPolicyMiddleware',
+        'django_permissions_policy.PermissionsPolicyMiddleware',
     )
 
     AUTHENTICATION_BACKENDS = (

diff --git a/requirements/pip.txt b/requirements/pip.txt
@@ -115,3 +115,5 @@ django-debug-toolbar==3.2.1
 
 # For enabling content-security-policy
 django-csp==3.7
+# For setting the permissions-policy security header
+django-permissions-policy==4.0.0