🤩 New Cool Developer Tools for you. Explore →
FREE JavaScript Video Series Start Learning →
FLAT 75% OFF All Interactive courses at flat ₹250 / $3.25 only. HURRRRRY!! Explore now
  Signup/Sign In
Tests
MCQs to test your knowledge.
Forum
Engage with the community.
Compilers
Compilers to execute code in browser.

[SOLVED] Error with Permissions-Policy header - Parse of permission policy failed

Posted in Internet Security   LAST UPDATED: AUGUST 16, 2021

    If you implemented the Permissions policy on your web server and got the following error:


    Error with Permissions-Policy header: Parse of permission policy failed because of errors reported by structured header parser.

    Chances are, you implemented the Permissions policy incorrectly. In this article, we will help you with fixing the above issue along with understanding the components of the policy rule.

    The new Permissions-Policy HTTP header is a replacement for the existing Feature-Policy header which is used for handling the delegation of permissions and other crucial features.

    The header uses a structured syntax and allows any website to more strictly apply restrictions on which origins gets to access some features.

    Permissions Policy works exactly the same way as the Feature Policy worked.

    Solution for the Parse Error:

    Use the following Permissions-policy syntax and this should solve the problem:

    Permissions-Policy: fullscreen=(self "https://example.com" "https://another.example.com"),
    geolocation=*, camera=()

    This will go into the Apache web server's configuration file or the .htaccess file.

    Is Permissions-Policy different from Feature-Policy?

    The main change is that the Feature-Policy header is now called the Permissions-Policy.

    Earlier the policy looked like this:

    Feature-Policy: fullscreen 'self' https://example.com https://another.example.com;
    geolocation *; camera 'none'

    But now it is defined like this:

    Permissions-Policy: fullscreen=(self "https://example.com" "https://another.example.com"),
    geolocation=*, camera=()

    In the above policy, following are the differences than the earlier Feature-Policy:

    • self and * are tokens, and don't need to be quoted.

    • Origins are strings(domain name) and we should enclose it within double quotes.

    • Allow lists are normally enclosed in parentheses, but those can be omitted if there is only a single element.

    • Decalarations are separated by , rather than ;.

    Conclusion:

    I hope this solves your policy parse error. Permissions-Policy is a good add-on for security headers on a webserver. Having this security header in place also improves SEO for the website hosted on that webserver.

    You may also like:

    Want to learn coding?
    Try our new interactive courses.
    View All →
    Over 20,000+ students enrolled.
    About the author:
    iamabhishek
    I like writing content about C/C++, DBMS, Java, Docker, general How-tos, Linux, PHP, Java, Go lang, Cloud, and Web development. I have 10 years of diverse experience in software development. Founder @ Studytonight
    Tags:ApacheSecurity HeaderPermissions-Policy
    IF YOU LIKE IT, THEN SHARE IT
    RECENT POSTS
    A Case for Using Joomla in 2024
    How to Install PostgreSQL on Mac? Step by Step Guide
    Identity Proofing 101: Essential Concepts And Terminologies You Should Know
    How to Find Sales Tax Collected on Shopify – Mipler
    End-to-End Encryption, Understanding The Basics and How to Get Started
    How to Recover Lost or Deleted Data on Windows 11?
     

    RELATED POSTS