Server Configuration Implementation
Server Configuration Implementation
Apache Configuration
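# Global restrictive policy.
# "always" places the header in mod_headers' always table, so it is also sent
# on error responses and internally generated redirects.
Header always set Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"

# Specific feature allowances.
# A per-section header replaces the global value; the two are not merged.
# Any feature left out of an override falls back to the browser's default
# allowlist, so each override repeats the full deny list and relaxes only the
# feature that section needs.
# The overrides use "always" as well: a plain "Header set" writes to the
# separate onsuccess table, which leaves the global header in place and can
# put two Permissions-Policy headers on the same response.
<Directory "/var/www/maps">
    Header always set Permissions-Policy "accelerometer=(), camera=(), geolocation=(self), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()"
</Directory>
<Directory "/var/www/video-chat">
    Header always set Permissions-Policy "accelerometer=(), camera=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(self), payment=(), usb=()"
</Directory>

# Allow payment on checkout pages.
# Origins in a Permissions-Policy allowlist are double-quoted strings. The
# single-quoted form is Feature-Policy syntax; it is not a valid structured
# field value, and a header that fails to parse is ignored as a whole.
# The inner quotes are backslash-escaped for the Apache config parser.
<Location "/checkout">
    Header always set Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(self \"https://payment-provider.com\"), usb=()"
</Location>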
Nginx Configuration
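# Default restrictive policy (http or server level).
add_header Permissions-Policy "accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(), usb=()" always;

# Location-specific policies.
# add_header is inherited from the enclosing level only when the current level
# defines no add_header of its own. A location that sets this header therefore
# drops every header added at server level (HSTS, CSP, ...) unless they are
# repeated inside it. The policy value is likewise a full replacement, so each
# location restates the deny list and relaxes only what it needs.
location /video-conference {
    add_header Permissions-Policy "accelerometer=(), camera=(self), display-capture=(self), fullscreen=(self), geolocation=(), gyroscope=(), magnetometer=(), microphone=(self), payment=(), usb=()" always;
}
location /store {
    # Allowlist origins must be double-quoted strings; the single-quoted
    # Feature-Policy form makes the header unparseable and it is then ignored.
    # The nginx argument is single-quoted so the inner double quotes need no escaping.
    add_header Permissions-Policy 'accelerometer=(), camera=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), payment=(self "https://stripe.com" "https://paypal.com"), usb=()' always;
}

# Map-based dynamic policies (the map block belongs in the http context).
# $request_uri is the raw request line value, including the query string, and
# the patterns are unanchored prefixes: ~^/maps also matches /maps-archive.
# Every entry carries the same baseline as "default", so matching a path
# relaxes one feature without lifting the other restrictions.
map $request_uri $permissions_policy {
    default     "camera=(), microphone=(), geolocation=(), payment=()";
    ~^/maps     'camera=(), microphone=(), geolocation=(self "https://maps.googleapis.com"), payment=()';
    ~^/checkout 'camera=(), microphone=(), geolocation=(), payment=(self "https://checkout.stripe.com")';
    ~^/support  "camera=(self), microphone=(self), geolocation=(), payment=()";
}

# Use this in place of the static default above, not alongside it: two
# add_header lines for the same name at one level send two headers.
# Locations that define their own add_header do not inherit this line.
add_header Permissions-Policy $permissions_policy always;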