Jhoose 2.5.0 hero

Jhoose Security Modules v2.6.0 — Added support for Permissions Policy and .NET 10

CMS
Content Security Policy
Optimizely
Security

Version 2.6.0 adds support for the Permissions Policy Header. This header provides a mechanism to control browser features such as camera, Bluetooth, autoplay, etc.

This update gives developers greater control over modern browser behaviours, helping ensure compliance and improved security across Optimizely implementations.

What's New In Version 2.6

.NET support

I have added support for .NET 10, and removed support for .NET6 and .NET7. I decided to remove support for these as Microsoft no longer supports them, and I wanted to take advantage of the more modern versions of the framework.

Permissions Policy

The Permissions Policy is a replacement for the Feature Policy and is not supported by all browsers. Currently, only Chrome, Edge and Opera support this header.

Managing Permissions Policy In The UI

Policy Editor
Permissions Policy Editor UI

The interface allows you to manage all the browser feature controlled by the Permission Policy. I would recommend that you only override a policy when you have a requirement to do so as the browser has a default configuration that will automatically be applied.

Security Settings and Reporting

Security Settings
Security settings showing the Permission Policy options

Within the security module settings it's possible to enable or disable the permissions policy header.

  • On - The header is added to the response.

  • Off - The header is not added to the response.

  • Report Only - The report only version of the header is added to the response.

All violations will be sent to the specified external reporting (if configured). If you have configured issues to be reported locally, then any permission policy violations will be shown in the dashboard and accessible in the issue search pages.

Import / Export

The Permissions Policy values are included in the export files allowing them to be backed up, or moved between environments.

API Access

The Permissions Policy is also included in the response of the Rest API.

Closing Thoughts

This new version extends the security features provided by the Jhoose Security module, enabling you to further enhance the protection of your Optimizely-based websites.

Further reading