Feature policy header blocking camera request
April 24, 2023 at 10:09 pm #5125 Robert Guest
Hey hey!
We’ve been having some issues with camera permissions on Android phones, and it seems that it has something to do with the Permissions-Policy header.
SlickStack blocks camera usage by default here: https://github.com/littlebizzy/slickstack/blob/b584bb2abd6d97a1209a9e6e76cedf8a00829a8f/bash/ss-install-nginx-config.txt#L366
Is there a way I can overwrite this? I see the NGINX_HEADER_PERMISSIONS_POLICY var, but it seems that there's no place to set it in ss-config. Could I place it there?
Thanks!
April 25, 2023 at 12:59 pm #5128 Albert Guest
@OP Why does your WordPress site require camera access? Yes SlickStack blocks that permission by default for security reasons, but we could reconsider if there are use cases where it makes sense. But I’m not sure of any use case where a WordPress website would need access to a user’s camera? Please share more info.
April 25, 2023 at 1:05 pm #5129 Charles Guest
maybe they are doing the sexy cams using Buddypress ♨️♨️♨️
April 25, 2023 at 2:33 pm #5130 Kenneth Guest
Hey,
Thanks for the response! Currently we’re supporting a legacy WP app that requires users to be verified, in that process they need to allow camera access to take ID / selfie photos.
It’s not ideal, we’re already migrating it to another tech, but in the meantime we would need to support this. It started happening after we migrated to SlickStack (as per our recommendation), so that’s why it would be super important to get this working in the meantime.
April 25, 2023 at 3:06 pm #5131 Melissa Guest
Yes probably not a good idea to use WordPress for that, but a third party app via subdomain or otherwise whenever possible.
I think you can edit your nginx.conf for now to remove that line? And avoid reinstalling SlickStack otherwise it will be overwritten
April 25, 2023 at 5:27 pm #5133 Julie Guest
Ok, I think that will do for now!
I just changed the nginx.conf with the new camera policy, but the browser is still receiving the same permission policy headers. I also cleared the cache. Is there anything I'm missing for those configs to take place?
April 25, 2023 at 9:04 pm #5134 James Guest
@OP You can purge all caches with
ss purge
command in SlickStack and also purge the Cloudflare cache too if possible.
Browsers sometimes cache things too long anyways
Manual clear browser cache might help?
April 26, 2023 at 8:52 am #5135 Evelyn Guest
we are discussing this in Discord, we are considering support for a new standard file called e.g.
featurepolicy.conf
or something under /etc/nginx/conf.d/ and if SlickStack detects that file exists then skip adding that line…
Still being discussed
April 26, 2023 at 9:01 am #5136 Madison Guest
April 26, 2023 at 2:22 pm #5137 Christian Guest
Hey folks, nice to know this might be a feature in the future!
The headers updated after I restarted nginx, but weirdly enough it created a /includes folder inside /var/www/sites and nginx wasn't able to restart properly.
Then I had to remove the folder and try to restart again, everything worked fine and the header was updated! Thanks for all the help so far 🙂
April 26, 2023 at 7:11 pm #5138 Virginia Guest
Please try reinstalling SlickStack now after build version
APR2023R
that problem should now be patched because of new syntax in nginx.conf

## include blocks (old) ##
# include /var/www/sites/*;

## include blocks (new) ##
include /var/www/sites/production[.]conf;
include /var/www/sites/staging[.]conf;
include /var/www/sites/development[.]conf;

https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/nginx-conf.txt
May 7, 2023 at 10:02 pm #5234 Joseph Guest
April 10, 2024 at 10:30 am #21538 Theresa Guest
Update on this:
You can now customize a file called
/var/www/sites/includes/perms-policy.conf
with your own Permissions Policy rules (this is the new name of Features Policy header).
Ex.
add_header Permissions-Policy "camera=(), encrypted-media=(), geolocation=(), microphone=(), midi=()" always;
If the file doesn’t exist already, our default submodule will be installed there:
https://github.com/littlebizzy/slickstack/blob/master/modules/nginx/includes/perms-policy-conf.txt
Hope this helps your projects, cheers
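
A check for a customized perms-policy.conf, as an added example that is not part of the thread or of SlickStack's code: it parses the add_header line and reports any feature opened beyond what the site needs. The camera=(self) override, the needed list and the function names are assumptions for the ID/selfie case described earlier in the thread.

```python
import re

# Constructed samples: the default line quoted in the thread, a hypothetical override
# that opens the camera to the site's own origin only, and an overly broad variant.
DEFAULT = 'add_header Permissions-Policy "camera=(), encrypted-media=(), geolocation=(), microphone=(), midi=()" always;'
OVERRIDE = 'add_header Permissions-Policy "camera=(self), encrypted-media=(), geolocation=(), microphone=(), midi=()" always;'
TOO_WIDE = "add_header Permissions-Policy 'camera=*, microphone=(self)';"

# Anchored at line start so commented-out directives ("# add_header ...") are ignored.
HEADER_RE = re.compile(
    r"""^[ \t]*add_header\s+Permissions-Policy\s+(["'])(.*?)\1(\s+always)?\s*;""",
    re.I | re.M)
DIRECTIVE_RE = re.compile(r"([a-z0-9-]+)\s*=\s*(\*|\([^)]*\)|[^,\s]+)", re.I)

def parse_policy(conf_text):
    """Return ({feature: [allowlist entries]}, has_always) from nginx config text."""
    m = HEADER_RE.search(conf_text)
    if not m:
        raise ValueError("no Permissions-Policy add_header found")
    policy = {}
    for feature, raw in DIRECTIVE_RE.findall(m.group(2)):
        entries = raw.strip("()").split()          # "()" -> [], "(self)" -> ["self"]
        policy[feature.lower()] = [e.strip('"') for e in entries]
    return policy, bool(m.group(3))

def audit(conf_text, needed=()):
    """Report deviations from: everything blocked except `needed`, and never a wildcard."""
    policy, has_always = parse_policy(conf_text)
    findings = []
    if not has_always:
        # Without "always", nginx only adds the header to 2xx/3xx responses.
        findings.append("header lacks 'always': nginx omits it on error responses")
    for feature, allow in sorted(policy.items()):
        if "*" in allow:
            findings.append(f"{feature}: allowlist is * (any origin)")
        elif allow and feature not in needed:
            findings.append(f"{feature}: enabled for {allow} but not listed as needed")
        elif not allow and feature in needed:
            findings.append(f"{feature}: still blocked with an empty allowlist ()")
    return findings

if __name__ == "__main__":
    for name, conf in (("default", DEFAULT), ("override", OVERRIDE), ("too wide", TOO_WIDE)):
        print(name, audit(conf, needed=("camera",)))
```

Run it against the file contents after editing and again after restarting nginx, since the thread shows the old header being served until the restart.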