Add Permission Policy module to GovCMS #1520
Description
Please provide the Drupal.org URL for the module
URL: https://www.drupal.org/project/permissionspolicy
What value does this module/package add to GovCMS?
This module picks up a shortcoming of the Security Kit module by providing control over the "permission-policy" HTTP header which replaces the existing "feature-policy" header provided by Security Kit.
Is the module Drupal 11 compatible?
Yes
Please provide a brief outline of what this module does.
This module adds the ability for users to define the "permission-policy" header, which is the successor to the "feature-policy" header that was deprecated in 2020, and is provided through the current Security Kit module. The module maintainer has stated that the module will NOT merge with Security Kit.
Feature-Policy header only works for Firefox and Safari browsers.
Permission-Policy header only works for Chrome and Edge browsers, however development is underway for Firefox.
Both are required in order to maintain consistent functionality across all browsers.
Who does this module benefit:
[x] end users
[ ] content editors
[x] site builders
[x] themers
[x] developers
How could you provide/replicate the functionality of this module using alternative methods, eg in your theme?
Altering the headers is not available via the Theme.
If this module styles or alters HTML or JavaScript output, can the functionality be provided via the theme? What alternatives have you considered.
It does not.
What is the maintenance and support status of the module. Describe the issue queue activity.
Only 3 open issues, last issue raised 5 months ago was marked as Fixed.
What permissions are needed to utilise the module (and are any new permissions provided by the module)?
New permission: Administer Permissions Policy
Restricts the administration of the module to users with this permission.
Does the module modify the database structure and/or store additional metadata on nodes or other entities? If so, why? What are the risks for future updates?
No new entities, only configuration.
Is the module designed to capture anonymous user data?
No
Is the output of the module typically fully cacheable? Would the inclusion of this module potentially render pages uncacheable.
Yes, cacheable.
What is your assessment of the quality of this module, the contribution history of the module's maintainers, and the uptake of the module within the Drupal community?
Due to the modules very limited scope, and the maintainers preference not to merge with other modules (SecKit), it appears as though the module is currently fit for purpose and will not undergo any major enhancements other than keeping it inline with the Permission Policy standards.