Updating security headers

Author: damienbod

content/StsServerIdentity/Filters/SecurityHeadersAttribute.cs

@@ -13,13 +13,6 @@ public override void OnResultExecuting(ResultExecutingContext context)
             var result = context.Result;
             if (result is ViewResult)
             {
-                var featurePolicy = "accelerometer 'none'; camera 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; payment 'none'; usb 'none'";
-
-                if (!context.HttpContext.Response.Headers.ContainsKey("feature-policy"))
-                {
-                    context.HttpContext.Response.Headers.Add("feature-policy", featurePolicy);
-                }
-
                 if (!context.HttpContext.Response.Headers.ContainsKey("X-Content-Type-Options"))
                 {
                     context.HttpContext.Response.Headers.Add("X-Content-Type-Options", "nosniff");

content/StsServerIdentity/SecurityHeadersDefinitions.cs

@@ -33,7 +33,7 @@ public static HeaderPolicyCollection GetHeaderPolicyCollection(bool isDev)
                     builder.AddFontSrc().Self();
                     builder.AddStyleSrc().Self().UnsafeInline();
                     builder.AddBaseUri().Self();
-                    builder.AddScriptSrc().UnsafeInline(); //.WithNonce();
+                    builder.AddScriptSrc().Self().UnsafeInline(); //.WithNonce();
                     builder.AddFrameAncestors().Self();
                     // builder.AddCustomDirective("require-trusted-types-for", "'script'");
                 })