Apache server .htaccess set header for Content-Security-Policy causes 500 error

Question

I am trying to add 2 headers to the .htaccess file but when the site is reloaded it gives a 500 internal server error

First header is:

Header set Content-Security-Policy: default-src https:

According to this website, this should allow any assets to load over https from any origin.

Second header is:

Permissions-Policy: geolocation=(self "https://example.com"), microphone=()

Obviously changing example.com to the proper domain, but the same website says this should work but also causes internal server error.

A 500 error is the webservers way of saying "I have a major problem but I don't want to talk about it in public". Read the error logs of your server. They contain a clear message about the error. — Gerald Schneider, Feb 25 '22 at 12:50

score 0 · Accepted Answer · answered Feb 25 '22 at 12:51

0

Header set Content-Security-Policy: default-src https:

Header set Content-Security-Policy "default-src https:"

Is correct syntax.

In addition you should verify that mod_headers is enabled.

answered Feb 25 '22 at 12:51

vidarlo

Hey, mod_headers is enabled as i have a bunch of others. Thanks for the answer, that fixed it, i also added unsafe-inline. Do you know what may be the issue with permissions-policy? I actually tried Header set Permissions-Policy geolocation=(self "https://example.com"), microphone=() - i removed the colon after policy but still 500 error – noname Feb 25 '22 at 13:02
If it fixed it, please accept the answer. Regarding your other line, read my answer again, and read the manual again. You're using the wrong syntax. – vidarlo Feb 25 '22 at 13:03

1 Answers1