BlackDex
commented
3 years ago @IssueFindings well looking in our code i see that we use the old draft name for this header, so maybe we need to add/update it to match the latest draft.
But in our code i see the following value for Feature-Policy, i think that if you copy that, it should work.
"accelerometer 'none'; ambient-light-sensor 'none'; autoplay 'none'; camera 'none'; encrypted-media 'none'; fullscreen 'none'; geolocation 'none'; gyroscope 'none'; magnetometer 'none'; microphone 'none'; midi 'none'; payment 'none'; picture-in-picture 'none'; sync-xhr 'self' https://haveibeenpwned.com https://twofactorauth.org; usb 'none'; vr 'none'"Also see: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Which states the same markup as in the code above instead of using =() as values.
IssueFindings
Hello, I try to configure the access to bitwarden through Nginx. When I test my Nginx configuration with https://www.immuniweb.com/websec/, I just get this error message : "PERMISSIONS-POLICY : The header is not properly set." and nothing more...
I don't understand my mistake in the code below :
add_header Permissions-Policy "usb=(), geolocation=(), midi=(), notifications=(), push=(), sync-xhr=(self, https://haveibeenpwned.com, https://twofactorauth.org), microphone=(), camera=(), magnetometer=(), gyroscope=(), speaker=(), vibrate=(), fullscreen=(self), payment=()";Anyone could you help me ?
Have a nice day.