Open agektmr opened 2 weeks ago
FWIW, likely affects all Chromium-based browsers. Edge 129.0.2792.10 (Official build) dev (64-bit) is broken as well - showing only the logo and a black screen (dark theme) with the same error printed to the console.
Note Chrome 129 will start being rolled out to stable around September 11th.
I just realized that elk.zone works fine on Chrome canary. It's likely the issue was caused by Chrome rather than elk.zone's code. Perhaps they can backport the fix to Chrome beta so you don't have to take any action. Let's see.
I have briefly looked at this, and this is the Permissions-Policy
header value that I am seeing:
camera=(), display-capture=(), fullscreen='self' https: http:, geolocation=(), microphone=()
Note that this is not a well-formed value as per the Structured Field Policy Directive and RFC8941 specifications. As a quick fix, I'd recommend rewriting the fullscreen
member to something like:
camera=(), display-capture=(), fullscreen=(self "https:" "http:"), geolocation=(), microphone=()
Simultaneously, I have filed crbug.com/364804210 to investigate why parsing with Chrome 128 vs. 129 vs. 130 gives different results, as I am not aware of any changes to the parser.
Thanks for the investigation! Yes, the current Permissions-Policy
header has an invalid value.
The response header is defined here: https://github.com/elk-zone/elk/blob/0fba07e/nuxt.config.ts#L302 and it looks like it was copied from content-security-policy format but it's not compatible with permissions-policy value.
According to MDN document (Permissions-Policy - HTTP | MDN), the correct value accepting other domains should be *
so probably the header should be
Permissions-Policy: camera=(), display-capture=(), fullscreen=*, geolocation=(), microphone=()
I'm going to create a PR to fix this issue.
Permissions-Policy
header parse error, but it seems that the same white-out issue still persists on Google Chrome v129.There may be another issue (may or may not be related to Permissions-Policy
) in addition to the invalid header. But it's difficult to guess the root cause since there is no console error now
One option could be to bisect Chrome versions to pinpoint a good
and bad
version reasonable close to each other, and look at the blamelist to see if anything stands out.
I also checked again, and now I see permission policy parse errors with all three versions of Chrome (not sure what I was seeing in the morning). I believe the Permissions-Policy
parse error message is a red herring, there seems to be a different issue here.
Maybe fixed in 130, tested with Edge Canary 130 and Chrome Canary 130 on my Windows laptop: elk.zone is working
On current Chrome beta (129), Elk is completely broken with an error
Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.
.This is likely caused by a permission-policy based enforcement (I'm not familiar with details).