[Robert]

Hey hey!

We’ve been having some issues with camera permissions on Android phones, and it seems that it has something to do with the Permissions-Policy header.

SlickStack blocks camera usage by default here: https://github.com/littlebizzy/slickstack/blob/b584bb2abd6d97a1209a9e6e76cedf8a00829a8f/bash/ss-install-nginx-config.txt#L366

Is there a way where I can overwrite this? I see the NGINX_HEADER_PERMISSIONS_POLICY var, but it seems that theres no place to set it in ss-config. Could I place it there?

Thanks!

[Albert]

@OP Why does your WordPress site require camera access? Yes SlickStack blocks that permission by default for security reasons, but we could reconsider if there are use cases where it makes sense. But I’m not sure of any use case where a WordPress website would need access to a user’s camera? Please share more info.

[Charles]

maybe they are doing the sexy cams using Buddypress ♨️♨️♨️

[Kenneth]

Hey,

Thanks for the response! Currently we’re supporting a legacy WP app that requires users to be verified, in that process they need to allow camera access to take ID / selfie photos.

It’s not ideal, we’re already migrating it to another tech, but in the meantime we would need to support this. It started happening after we migrated to SlickStack (as per our recommendation), so that’s why it would be super important to get this working in the meantime.

[Melissa]

Yes probably not a good idea to use WordPress for that, but a third party app via subdomain or otherwise whenever possible.

I think you can edit your nginx.conf for now to remove that line? And avoid reinstalling SlickStack otherwise it will be overwritten

[Julie]

Ok, I think that will do for now!

I just changed the nginx.conf with the new camera policy, but the browser is still receiving the same permission policy headers. I also cleared the cache. Is there anything Im missing for those configs to take place?

[James]

@OP You can purge all caches with ss purge command in SlickStack and also purge the Cloudflare cache too if possible.

Browsers sometimes cache things too long anyways

Manual clear browser cache might help?

[Evelyn]

we are discussing this in Discord, we are considering support for a new standard file called e.g. featurepolicy.conf or something under /etc/nginx/conf.d/ and if SlickStack detects that file exists then skip adding that line…

Still being discussed

[Madison]

https://github.com/littlebizzy/slickstack/issues/201

[Christian]

Hey folks, nice to know this might be a feature in the future!

The headers updated after I restarted nginx, but weirdly enough it created a /includes folder inside /var/www/sites and nginx wasnt able to restart properly.

Then I had to remove the folder and try to restart again, everything worked fine and the header was updated! Thanks for all the help so far 🙂

[Virginia]

Please try reinstalling SlickStack now after build version APR2023R that problem should now be patched because of new syntax in nginx.conf

## include blocks (old) ##
# include /var/www/sites/*;

## include blocks (new) ##
include /var/www/sites/production[.]conf;
include /var/www/sites/staging[.]conf;
include /var/www/sites/development[.]conf;

https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/nginx-conf.txt

[Joseph]

Related

https://github.com/littlebizzy/slickstack/issues/198

[Theresa]

Update on this:

You can now customize a file called /var/www/sites/includes/perms-policy.conf with your own Permissions Policy rules (this is the new name of Features Policy header).

Ex.

add_header Permissions-Policy "camera=(), encrypted-media=(), geolocation=(), microphone=(), midi=()" always;

If the file doesn’t exist already, our default submodule will be installed there:

https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/includes/perms-policy-conf.txt

Hope this helps your projects, cheers

[Author]

Posts