Questions tagged [http-permissions-policy]
Use this tag for questions related to the Permissions-Policy HTTP header
18
questions
0
votes
0
answers
29
views
Simultaneous usage of feature policy and permission policy in chrome still results in errors - how to implement
I'm working on a project that implements a Feature Policy header. This is due to be updated to Permission Policy. Since the coverage for this isn't optimal yet (no Firefox and Safari) I'd want to have ...
0
votes
1
answer
7k
views
In Chrome console: Error with Permissions-Policy-Report-Only header: Feature fullscreen's parameters are ignored
How do I get the Permissions-Policy-Report-Only header to call the reporting endpoint?
I am trying to use this header to collect data from the browser, say when the unload event gets called or when ...
0
votes
0
answers
428
views
Permissions-Policy whic are added ASP.NET web.config files are not worked
I added below permission policy header to ASP.NET web.config file in my project
<httpProtocol>
<customHeaders>
<add name="Permissions-Policy" value="fullscreen=();&...
6
votes
0
answers
3k
views
"Error with Permissions-Policy header: Unrecognized feature: 'ch-ua-form-factor'" and site loading very slow
Browser: Google Chrome. I'm getting this warning on a php site with 14 YouTube embedded videos, and I have noticed that since this error showing up (it's new as far as I know) the site is taking ...
6
votes
0
answers
717
views
How to craft a comprehensive Permissions Policy without triggering console warnings?
In trying to make our application as secure as possible, following best-practice advice and addressing issues flagged by OWASP... We added a Permission-Policy header to our app.
Since there's no way (...
2
votes
1
answer
3k
views
What exactly "because of errors reported by structured header parser" means in `Permissions-Policy` error message
I have a Wordpress-Page where I've set following lines in functions.php:
// Permissions-Policy
header("Features-Policy: accelerometer 'none' ; ambient-light-sensor 'none' ; autoplay 'none' ; ...
5
votes
0
answers
298
views
Hide/Remove Permission-Policy header warnings in chrome
We have added new permission policies in our application's web.xml file. Since then, we've been watching these warnings in google chrome's (MS Edge as well) console. Also, this is not visible in ...
1
vote
1
answer
948
views
Permission policy headers not shown in the firefox and chrome configurations
I try to set up the permissions policy header for the websites I managed.
Here's the header retrieved from the network tab of my Firefox browser:
permissions-policy:
accelerometer=(), ambient-light-...
2
votes
1
answer
335
views
Enable webUSB across cross-origin iframes without sharing permissions
I'm trying to work with webUSB on a page that contains sandboxed iframes from different origins. My goal is that the top level page and each of the embedded contexts can all use webUSB, but don't ...
3
votes
1
answer
2k
views
Declaring Feature-Policy (Permissions-Policy) headers in HTML meta tag
Is it possible to add feature policy headers by doing meta tag implementation? Apparently it didn't work for me with the following specific feature.
<meta http-equiv="Feature-Policy" ...
0
votes
1
answer
178
views
Feature policies dropped when React app is loaded in iframe
I'm adding a feature to a react app (app A) which loads microservices in different tabs. This is a legacy system and achieves this by using <iframe src="..."> returned as a component ...
2
votes
0
answers
828
views
NotAllowedError in iframe while using contentWindow.location, featurePolicy doesn't work
I am new to writing UI and React code, I started on a bug in our product, where feature policies (see Using_Feature_Policy) do not work when I replace iFrame.contentWindow.location with my iFrame URL, ...
3
votes
2
answers
3k
views
Using `navigator.credentials.get()` in cross-origin iframe gives error "'publickey-credentials-get' feature is not enabled in this document"
Getting the error while logging into an iframe through webauthn.
The 'publickey-credentials-get' feature is not enabled in this
document. Permissions Policy may be used to delegate Web
Authentication ...
0
votes
1
answer
1k
views
Set Permission-Policy for Vue and NodeJS app
I have an application that has a VueJs based front end and NodeJs based backend API. The client-side is a SPA and it communicates with API for getting data. Now in a security scan, it is mentioned ...
1
vote
1
answer
2k
views
Set feature-policy to iframe after insertion
I have this issue when try request fullscreen in Firefox.
Request for fullscreen was denied because of FeaturePolicy directives
I am trying to set the allow attribute in iframe node from allow='...