Feature policy header blocking camera request
- This topic is empty.
-
AuthorPosts
-
RobertGuest
Hey hey!
We’ve been having some issues with camera permissions on Android phones, and it seems that it has something to do with the Permissions-Policy header.
SlickStack blocks camera usage by default here: https://github.com/littlebizzy/slickstack/blob/b584bb2abd6d97a1209a9e6e76cedf8a00829a8f/bash/ss-install-nginx-config.txt#L366
Is there a way where I can overwrite this? I see the NGINX_HEADER_PERMISSIONS_POLICY var, but it seems that theres no place to set it in ss-config. Could I place it there?
Thanks!
AlbertGuest@OP Why does your WordPress site require camera access? Yes SlickStack blocks that permission by default for security reasons, but we could reconsider if there are use cases where it makes sense. But I’m not sure of any use case where a WordPress website would need access to a user’s camera? Please share more info.
CharlesGuestmaybe they are doing the sexy cams using Buddypress ♨️♨️♨️
KennethGuestHey,
Thanks for the response! Currently we’re supporting a legacy WP app that requires users to be verified, in that process they need to allow camera access to take ID / selfie photos.
It’s not ideal, we’re already migrating it to another tech, but in the meantime we would need to support this. It started happening after we migrated to SlickStack (as per our recommendation), so that’s why it would be super important to get this working in the meantime.
MelissaGuestYes probably not a good idea to use WordPress for that, but a third party app via subdomain or otherwise whenever possible.
I think you can edit your nginx.conf for now to remove that line? And avoid reinstalling SlickStack otherwise it will be overwritten
JulieGuestOk, I think that will do for now!
I just changed the nginx.conf with the new camera policy, but the browser is still receiving the same permission policy headers. I also cleared the cache. Is there anything Im missing for those configs to take place?
JamesGuest@OP You can purge all caches with
ss purge
command in SlickStack and also purge the Cloudflare cache too if possible.Browsers sometimes cache things too long anyways
Manual clear browser cache might help?
EvelynGuestwe are discussing this in Discord, we are considering support for a new standard file called e.g.
featurepolicy.conf
or something under /etc/nginx/conf.d/ and if SlickStack detects that file exists then skip adding that line…Still being discussed
MadisonGuestChristianGuestHey folks, nice to know this might be a feature in the future!
The headers updated after I restarted nginx, but weirdly enough it created a /includes folder inside /var/www/sites and nginx wasnt able to restart properly.
Then I had to remove the folder and try to restart again, everything worked fine and the header was updated! Thanks for all the help so far 🙂
VirginiaGuestPlease try reinstalling SlickStack now after build version
APR2023R
that problem should now be patched because of new syntax in nginx.conf## include blocks (old) ## # include /var/www/sites/*; ## include blocks (new) ## include /var/www/sites/production[.]conf; include /var/www/sites/staging[.]conf; include /var/www/sites/development[.]conf;
https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/nginx-conf.txt
JosephGuestTheresaGuestUpdate on this:
You can now customize a file called
/var/www/sites/includes/perms-policy.conf
with your own Permissions Policy rules (this is the new name of Features Policy header).Ex.
add_header Permissions-Policy "camera=(), encrypted-media=(), geolocation=(), microphone=(), midi=()" always;
If the file doesn’t exist already, our default submodule will be installed there:
https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/includes/perms-policy-conf.txt
Hope this helps your projects, cheers
-
AuthorPosts