add header: Feature-Policy

app.py

@@ -31,6 +31,13 @@ def find_key(token):
     sslify = SSLify(app, skips=[".well-known"])
 
 
+@app.after_request
+def add_feature_policy(response):
+    """Add feature policy."""
+    response.headers["Feature-Policy"] = "geolocation 'none'"
+    return response
+
+
 @app.route("/<path:path>")
 def static_proxy(path):
     """Find static files."""

app_test.py

@@ -7,7 +7,13 @@
 from werkzeug.exceptions import NotFound
 from flask_testing import LiveServerTestCase
 
-from app import acme, find_key, static_proxy, index_redirection
+from app import (
+    acme,
+    find_key,
+    static_proxy,
+    index_redirection,
+    add_feature_policy,
+)
 
 from app import ROOT
 from app import app
@@ -41,6 +47,7 @@ def check_security_headers(self, resp):
         self.assertTrue("X-XSS-Protection" in headers)
         self.assertTrue("X-Content-Type-Options" in headers)
         self.assertTrue("Content-Security-Policy" in headers)
+        self.assertTrue("Feature-Policy" in headers)
         self.assertEqual(headers["X-Frame-Options"], "SAMEORIGIN")
 
     def test_index_redirection_req(self):
@@ -109,6 +116,7 @@ def test_acme(self):
     def test_index_redirection(self):
         """Test index page redirection."""
         resp = index_redirection()
+        add_feature_policy(resp)
         self.assertEqual(resp.status_code, 200)
         resp.close()
 
@@ -119,6 +127,7 @@ def test_static_proxy(self):
         for h in htmls:
             u = "notes/" + h
             resp = static_proxy(u)
+            add_feature_policy(resp)
             self.assertEqual(resp.status_code, 200)
             resp.close()