Security Header

  • Resolved jimk1416

    (@jimk1416)


    4 months, 3 weeks ago

    I would like to add a permissions security header to my htacess file.
    Can you tell me if using it like this will still allow users to search for locations near them without any issues?

    Header always set Permissions-Policy: "geolocation=(self), microphone=();"

    The page I need help with: [log in to see the link]

Viewing 4 replies - 1 through 4 (of 4 total)

  • Hi there, thanks for reaching out.

    I just tried adding the header you mention on my test website and the geolocation works just fine. It allows the browser to track the user’s location (asking for their consent, as expected), and also to look for other locations in the map.

    However this is to be expected, since the default allowlist for geolocation is “self”, so you are not actually restricting anything in terms of geolocation for your own website.

    I hope that helps.
    Regards,

    Thread Starter jimk1416

    (@jimk1416)

    Hey @farroyob
    Thanks for your quick reply (as always)
    I wasn’t sure how the (self) actually worked.
    What if I were to use it with my domain?

    Permissions-Policy: geolocation=("https://www.mywebsite.com"), microphone=()

    Hi again,

    The effect of using your own domain should be the same as using self, but please pay attention, because maybe you have enabled access to your website with and without the “www.” prefix, and those are two different permissions scenarios. In that case you should add both. That is why it is more recommended to use “self”, in my opinion it is more elegant.

    Best regards,

    Thread Starter jimk1416

    (@jimk1416)

    Hey @farroyob

    Understood. Great explanation.
    Thanks again for your time and the quick reply

Viewing 4 replies - 1 through 4 (of 4 total)
  • You must be logged in to reply to this topic.

Tags