How can I add in Apache Feature Policy Header?
I have a multimedia site which offers users to upload their own media (video,music) or embed media from sites like YouTube, Vimeo etc.
Recently, new header is being announced. I tried to add this header but I believe I made a mistake somewhere.
This is how I tried to add this header;
Header always set Feature-Policy "vibrate 'self'; usermedia '*'; microphone 'none'; payment 'none'; sync-xhr 'self' mysiteURL.com"
Getting these error below;
Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
(index):1 Error with Feature-Policy header: Unrecognized feature: 'usermedia'.
(index):1 Error with Feature-Policy header: Unrecognized origin: 'mysiteURL.com'.
(index):1 Error with Feature-Policy header: Unrecognized feature: 'vibrate'.
(index):1 Error with Feature-Policy header: Unrecognized feature: 'usermedia'.
(index):1 Error with Feature-Policy header: Unrecognized origin: 'mysiteURL.com'.
Any help will be appreciated!
Those are web browser errors not Apache errors. So the browser just doesn't support turning on of off of those features. They are very new so support for this header is not great at the moment.
The Chrome features supported so far can be seen in the code and it can be seen that vibrate
and usermedia
are not yet supported by Chrome.
You also appear to have a few syntax errors, specifically:
usermedia '*'
Should not have quotes around the star (though this is difficult to tell since it is not yet supported and at least one Google document also states this incorrectly).
sync-xhr 'self' mysiteURL.com
URLs should be prefixed with the scheme (https://
).
So, for now, you could change your header to this to avoid those errors, (though you might want to add vibrate
and usermedia
back in if they ever become supported later):
Header always set Feature-Policy "microphone 'none'; payment 'none'; sync-xhr 'self' https://mysiteURL.com"
Update 2020
The Feature Policy
has been changed to Permissions Policy
and the usage is slightly different now. I thought this might be helpful here because this post has been viewed many times.
Header always set Permissions-Policy "vibrate=(self), usermedia=(*), microphone=(none), payment=(none), sync-xhr=(self 'mysiteURL.com')"
More details: Hello Permissions Policy