elk-zone / elk

A nimble Mastodon web client
https://elk.zone
MIT License

Elk white-outs in Chrome 129 #2935

Open agektmr opened 2 weeks ago

agektmr commented 2 weeks ago

On current Chrome beta (129), Elk is completely broken with the error "Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser."

This is likely caused by a permission-policy based enforcement (I'm not familiar with details).

heaths commented 2 weeks ago

FWIW, likely affects all Chromium-based browsers. Edge 129.0.2792.10 (Official build) dev (64-bit) is broken as well - showing only the logo and a black screen (dark theme) with the same error printed to the console.

agektmr commented 1 week ago

Note Chrome 129 will start being rolled out to stable around September 11th.

https://chromiumdash.appspot.com/schedule

agektmr commented 1 week ago

I just realized that elk.zone works fine on Chrome canary. It's likely the issue was caused by Chrome rather than elk.zone's code. Perhaps they can backport the fix to Chrome beta so you don't have to take any action. Let's see.

engedy commented 1 week ago

I have briefly looked at this, and this is the Permissions-Policy header value that I am seeing:

camera=(), display-capture=(), fullscreen='self' https: http:, geolocation=(), microphone=()

Note that this is not a well-formed value as per the Structured Field Policy Directive and RFC8941 specifications. As a quick fix, I'd recommend rewriting the fullscreen member to something like:

camera=(), display-capture=(), fullscreen=(self "https:" "http:"), geolocation=(), microphone=()

Simultaneously, I have filed crbug.com/364804210 to investigate why parsing with Chrome 128 vs. 129 vs. 130 gives different results, as I am not aware of any changes to the parser.

shuuji3 commented 1 week ago

Thanks for the investigation! Yes, the current Permissions-Policy header has an invalid value.

The response header is defined here: https://github.com/elk-zone/elk/blob/0fba07e/nuxt.config.ts#L302. It looks like it was copied from the Content-Security-Policy format, but that is not compatible with the Permissions-Policy value.

According to the MDN documentation (Permissions-Policy - HTTP | MDN), the correct value for accepting other domains should be *, so the header should probably be:

Permissions-Policy: camera=(), display-capture=(), fullscreen=*, geolocation=(), microphone=()

I'm going to create a PR to fix this issue.
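The difference between the three header values quoted above can be checked with a small structured-field parser. This is an added example, not code from the Elk repository or from Chrome; it implements only the subset of the RFC 8941 dictionary grammar these values use, and the names `parsePermissionsPolicy` and `lintHeader` are made up for illustration.

```javascript
// Subset of the RFC 8941 dictionary grammar: each member is key=token or
// key=(inner list of tokens/strings). Parameters, numbers, booleans: not handled.
const KEY = /^[a-z*][a-z0-9_\-.*]*/;
const TOKEN = /^[A-Za-z*][A-Za-z0-9!#$%&'*+\-.^_`|~:\/]*/;
const STRING = /^"(?:[\x20-\x21\x23-\x5b\x5d-\x7e]|\\["\\])*"/;

function parsePermissionsPolicy(value) {
  let rest = value.trim();
  const policy = {};
  const take = (re, what) => {
    const m = re.exec(rest);
    if (!m) throw new SyntaxError(`expected ${what} at: ${rest.slice(0, 16)}`);
    rest = rest.slice(m[0].length);
    return m[0];
  };
  // A bare item is a quoted string or a token; a leading ' starts neither.
  const item = () => rest[0] === '"'
    ? take(STRING, 'string').slice(1, -1).replace(/\\(.)/g, '$1')
    : take(TOKEN, 'token');
  while (rest.length > 0) {
    const key = take(KEY, 'key');
    take(/^=/, '"="');
    if (rest[0] === '(') {
      take(/^\( */, '"("');
      const list = [];
      while (rest[0] !== ')') {
        list.push(item());
        take(/^(?: +|(?=\)))/, 'space or ")"');
      }
      take(/^\)/, '")"');
      policy[key] = list;
    } else {
      policy[key] = item();
    }
    // Members are comma-separated; a trailing comma is an error.
    if (rest.length > 0) take(/^[ \t]*,[ \t]*(?=.)/, '","');
  }
  return policy;
}
// Returns null when the value parses, otherwise the parser's error message.
function lintHeader(value) {
  try { parsePermissionsPolicy(value); return null; }
  catch (e) { return e.message; }
}
// The three header values quoted in this thread.
const ORIGINAL = "camera=(), display-capture=(), fullscreen='self' https: http:, geolocation=(), microphone=()";
const REWRITTEN = 'camera=(), display-capture=(), fullscreen=(self "https:" "http:"), geolocation=(), microphone=()';
const WILDCARD = 'camera=(), display-capture=(), fullscreen=*, geolocation=(), microphone=()';
console.log([ORIGINAL, REWRITTEN, WILDCARD].map(lintHeader));
```

Under RFC 8941 a parse failure means the whole field value is ignored, so one malformed member also discards the `camera=()`, `geolocation=()` and `microphone=()` restrictions. Running a check like this over configured response headers in CI catches that before deployment.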

shuuji3 commented 1 week ago

#2941 will fix the Permissions-Policy header parse error, but it seems that the same white-out issue still persists on Google Chrome v129.

There may be another issue (may or may not be related to Permissions-Policy) in addition to the invalid header. But it's difficult to guess the root cause since there is no console error now.

engedy commented 1 week ago

One option could be to bisect Chrome versions to pinpoint a good and bad version reasonably close to each other, and look at the blamelist to see if anything stands out.

engedy commented 1 week ago

I also checked again, and now I see permission policy parse errors with all three versions of Chrome (not sure what I was seeing in the morning). I believe the Permissions-Policy parse error message is a red herring; there seems to be a different issue here.

userquin commented 1 week ago

Maybe fixed in 130, tested with Edge Canary 130 and Chrome Canary 130 on my Windows laptop: elk.zone is working.