Elk white-outs in Chrome 129

[agektmr]

On current Chrome beta (129), Elk is completely broken with an error Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser..

This is likely caused by a permission-policy based enforcement (I'm not familiar with details).

[heaths]

FWIW, likely affects all Chromium-based browsers. Edge 129.0.2792.10 (Official build) dev (64-bit) is broken as well - showing only the logo and a black screen (dark theme) with the same error printed to the console.

[agektmr]

Note Chrome 129 will start being rolled out to stable around September 11th.

https://chromiumdash.appspot.com/schedule

[agektmr]

I just realized that elk.zone works fine on Chrome canary. It's likely the issue was caused by Chrome rather than elk.zone's code. Perhaps they can backport the fix to Chrome beta so you don't have to take any action. Let's see.

[engedy]

I have briefly looked at this, and this is the Permissions-Policy header value that I am seeing:

camera=(), display-capture=(), fullscreen='self' https: http:, geolocation=(), microphone=()

Note that this is not a well-formed value as per the Structured Field Policy Directive and RFC8941 specifications. As a quick fix, I'd recommend rewriting the fullscreen member to something like:

camera=(), display-capture=(), fullscreen=(self "https:" "http:"), geolocation=(), microphone=()

Simultaneously, I have filed crbug.com/364804210 to investigate why parsing with Chrome 128 vs. 129 vs. 130 gives different results, as I am not aware of any changes to the parser.

[shuuji3]

Thanks for the investigation! Yes, the current Permissions-Policy header has an invalid value.

The response header is defined here: https://github.com/elk-zone/elk/blob/0fba07e/nuxt.config.ts#L302 and it looks like it was copied from content-security-policy format but it's not compatible with permissions-policy value.

According to MDN document (Permissions-Policy - HTTP | MDN), the correct value accepting other domains should be * so probably the header should be

Permissions-Policy: camera=(), display-capture=(), fullscreen=*, geolocation=(), microphone=()

I'm going to create a PR to fix this issue.

[shuuji3]

#2941 will fix the Permissions-Policy header parse error, but it seems that the same white-out issue still persists on Google Chrome v129.

There may be another issue (may or may not be related to Permissions-Policy) in addition to the invalid header. But it's difficult to guess the root cause since there is no console error now

[engedy]

One option could be to bisect Chrome versions to pinpoint a good and bad version reasonable close to each other, and look at the blamelist to see if anything stands out.

[engedy]

I also checked again, and now I see permission policy parse errors with all three versions of Chrome (not sure what I was seeing in the morning). I believe the Permissions-Policy parse error message is a red herring, there seems to be a different issue here.

[userquin]

Maybe fixed in 130, tested with Edge Canary 130 and Chrome Canary 130 on my Windows laptop: elk.zone is working

[chhe]

Version 130.0.6723.6 of Chrome has been rolled out on the beta channel today. Elk loads fine again.

[Jawvig]

Based on https://learn.microsoft.com/en-us/deployedge/microsoft-edge-release-schedule I predict a lot of noise about this soon ("Week of Sep 19"), as 129 will be in the Edge stable release channel for 4 weeks. Luckily for me I should only have one more week to wait for 130 on the beta channel (Sep 26).

[shuuji3]

Reopening the issue as #2941 should fix the Permissions-Policy header syntax error and Chrome v130 doesn't have this issue, but the white-out issue still persists on Chrome v129.

The stable release of Google Chrome v130 will be October 15 so I think only workaround is to use the non-chromium browser or beta version of browsers until that time. That's not ideal for general users.

By the way, I bisected Chrome versions by installing via Puppeteer and found which version resolves the white-out issue:

• NG - version: 130.0.6680.0 / revision: 1346662
• OK - version: 130.0.6681.0 / revision: 1347096

You can find the list of version/revision here: https://github.com/GoogleChromeLabs/chrome-for-testing#json-api-endpoints
and install pre-built chromium binary easily by running:

npx @puppeteer/browsers install chrome@<version-number>

[kristofzerbe]

From a users perspective:

As of today, Elk is unfortunately dead because it can no longer be opened in Chromium-based browsers desktop and mobile with the latest version 129. I use Chrome and Edge only. Error message in the console: Error with Permissions-Policy header: “Parse of permissions policy failed because of errors reported by structured header parser.”

Since most users like me probably have automatic updates switched on and avoid the Canary versions, the number of users will drop rapidly if no countermeasures are taken here.

[Jonty]

This currently means elk is broken on all Android phones running stable Chrome.

[shanselman]

I'm on 130 now and this persists wtih

Error with Permissions-Policy header: Parse of permissions policy failed because of errors reported by structured header parser.

[danielroe]

@shanselman do you get the same error with https://main.elk.zone ? We merged #2941 but haven't released it to https://elk.zone yet.

[kristofzerbe]

@shanselman do you get the same error with https://main.elk.zone ? We merged #2941 but haven't released it to https://elk.zone yet.

main.elk.zone works for me and Chrome 129 👍

[rhuss]

same here, main.elk.zone works for me, elk.zone not.

[danielroe]

Just released v0.15.0 which should address this issue.

It should come with a self-nuking + reinstalling service worker to address the issue of not being able to upgrade elk from the UI.

Let me know if you encounter any issues 🙏

[rhuss]

0.15.0 works for me now, thanks!

[shanselman]

It's a Christmas Miracle! Thanks @danielroe and everyone in this thread!