Rename Feature-Policy header to Permissions-Policy
yosifeldman opened this issue Β· 8 comments
According to the following link, the Feature-Policy header is now renamed to the Permissions-Policy.
https://www.w3.org/TR/permissions-policy-1/
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Feature-Policy
Since yesterday (July 20 2020) started to get errors in Console in the Chrome:
"Error with Feature-Policy header: Unrecognized feature: 'display-capture'."
Hi @bepsvpt! Can you please update it soon? It shows a lot of errors on my website π’
any updates on this one?
6.2.0 adds use-permissions-policy-header
config key to feature-policy
, set it to true
will use Permissions-Policy
header name.
https://github.com/bepsvpt/secure-headers/blob/6.2.0/config/secure-headers.php#L148-L159
worked like a charm. thanks π
The header gets changed correctly but the format of the values changed too.
A policy which would previously have been expressed as:
Feature-Policy: fullscreen 'self' https://example.com https://another.example.com; geolocation *; camera 'none'
would now look like:
Permissions-Policy: fullscreen=(self "https://example.com" "https://another.example.com"), geolocation=*, camera=()
Came across this as well after using https://observatory.mozilla.org/ . Hope to see it implemented and released.
7.0.0
was released, if there is any problem with permissions-policy
, feel free to reply on this issue.
Note: Feature-Policy
was removed.