From 1192cffa297ef02dabfc9428844a590cd2d954bc Mon Sep 17 00:00:00 2001
From: eternal-flame-AD
Date: Sun, 24 Nov 2024 11:19:45 -0600
Subject: [PATCH 1/2] more permissions-policy

Signed-off-by: eternal-flame-AD
---
 packages/backend/src/server/ServerService.ts | 12 +++++++++++-
 .../backend/src/server/web/ClientServerService.ts | 10 ----------
 2 files changed, 11 insertions(+), 11 deletions(-)

diff --git a/packages/backend/src/server/ServerService.ts b/packages/backend/src/server/ServerService.ts
index e55a52fcab..8c3d6b5b27 100644
--- a/packages/backend/src/server/ServerService.ts
+++ b/packages/backend/src/server/ServerService.ts
@@ -278,7 +278,17 @@ export class ServerService implements OnApplicationShutdown {
 // Other Security/Privacy Headers
 fastify.addHook('onRequest', (_, reply, done) => {
 reply.header('x-content-type-options', 'nosniff');
- reply.header('permissions-policy', 'interest-cohort=()'); // Disable FLoC
+ reply.header('permissions-policy',
+ [
+ 'interest-cohort',
+ 'encrypted-media',
+ 'attribution-reporting',
+ 'geolocation', 'microphone', 'camera',
+ 'midi', 'payment', 'usb', 'serial',
+ 'xr-spatial-tracking'
+ ]
+ .map(feature => `${feature}=()`).join(', '));
+
 if (this.config.browserSandboxing.strictOriginReferrer) {
 reply.header('referrer-policy', 'strict-origin');
 }
diff --git a/packages/backend/src/server/web/ClientServerService.ts b/packages/backend/src/server/web/ClientServerService.ts
index 0f1fdca0d4..8e1737a92d 100644
--- a/packages/backend/src/server/web/ClientServerService.ts
+++ b/packages/backend/src/server/web/ClientServerService.ts
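Review bot: The context line `if (this.config.browserSandboxing.strictOriginReferrer) {` in this hook becomes the only place the referrer-policy header is set once the ClientServerService copy is deleted in the next hunk, and that deleted copy used `?? true`, so an unset config value still produced `referrer-policy: strict-origin`; unless the config loader already defaults the flag to true, client responses silently lose the header when it is absent, so the condition here should read `if (this.config.browserSandboxing.strictOriginReferrer ?? true) {`. The permissions-policy value is a constant string that the added lines rebuild on every request; computing it once outside the hook (`const permissionsPolicy = [...].map(feature => `${feature}=()`).join(', ');` above the addHook call) avoids the per-request work and gives a natural place for a comment explaining why each feature is denied, restoring the `// Disable FLoC` rationale that the rewrite drops. The addHook callback continues past the end of the hunk.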
@@ -248,16 +248,6 @@ export class ClientServerService {
 fastify.addHook('onRequest', makeHstsHook(host, preload));
 }
 
- // Other Security/Privacy Headers
- fastify.addHook('onRequest', (_, reply, done) => {
- reply.header('x-content-type-options', 'nosniff');
- reply.header('permissions-policy', 'interest-cohort=()'); // Disable FLoC
- if (this.config.browserSandboxing.strictOriginReferrer ?? true) {
- reply.header('referrer-policy', 'strict-origin');
- }
- done();
- });
-
 // CSP
 if (process.env.NODE_ENV === 'production') {
 console.debug('cspPrerenderedContent', this.config.cspPrerenderedContent);

From e59b4ccd50438d36d90243299bc894dde5dc9004 Mon Sep 17 00:00:00 2001
From: eternal-flame-AD
Date: Sun, 24 Nov 2024 11:44:16 -0600
Subject: [PATCH 2/2] fix loading spinner

Signed-off-by: eternal-flame-AD
---
 packages/backend/src/server/pug-filters.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/packages/backend/src/server/pug-filters.ts b/packages/backend/src/server/pug-filters.ts
index eea8ffc3ad..ce51f48df9 100644
--- a/packages/backend/src/server/pug-filters.ts
+++ b/packages/backend/src/server/pug-filters.ts
@@ -7,6 +7,6 @@ export const commonPugFilters = {
 throw new Error('Invalid mimeType');
 }
 const dataURI = `data:${options.mimeType};base64,${Buffer.from(data).toString('base64')}`;
- return `<${options.tagName} data="${dataURI}">`;
+ return `<${options.tagName} src="${dataURI}">`;
 }
 } as const;
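Review bot: `options.tagName` is interpolated into the returned markup unchecked on the changed line, while `options.mimeType` is rejected with `Invalid mimeType` a few lines above; a matching guard such as `if (!/^[a-z][a-z0-9-]*$/i.test(options.tagName)) throw new Error('Invalid tagName');` before the return keeps a malformed option from producing a broken or unintended tag, and keeps the two option checks consistent. The filter emits an opening tag only, so it presumably targets void elements such as `img`; a short comment stating that expectation (e.g. `// emits a void element; tagName must be one that takes a src attribute`) would make the `data` → `src` rename self-explanatory to the next reader. The enclosing filter function starts outside the hunk.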