From fdbd731b204357a3e5128aa849e50a24d867afad Mon Sep 17 00:00:00 2001
From: Danny Lake <danny.lake@orium.com>
Date: Tue, 12 Mar 2024 18:56:40 -0700
Subject: [PATCH] feat: update Permission-Policy header for camera and
 microphone

---
 composable-ui/next.config.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/composable-ui/next.config.js b/composable-ui/next.config.js
index 3477a86..de19b8a 100644
--- a/composable-ui/next.config.js
+++ b/composable-ui/next.config.js
@@ -14,8 +14,8 @@ const HEADERS = {
   // 'Content-Security-Policy': ;
   // Be sure to set your Content-Security-Policy (CSP) based on your desired security practices.
   // Read more about CSP and the available directives on https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy
-  'Permissions-Policy':
-    'camera=(self), microphone=(self), geolocation=(self), interest-cohort=(self)',
+  // For example, if you want to ensure only the site itself can use your camera and microphone, you can add the following to the Permissions-Policy: camera=(self), microphone=(self)
+  'Permissions-Policy': 'geolocation=(self), interest-cohort=(self)',
 }
 
 module.exports = () => {