@Danish Javed have you fixed the issue yet?
I wrote a blog post on this. The gist of the article are three possible fixes:
attribution-reporting DirectiveIf your application does not rely on attribution-reporting, simply remove it from the Permissions-Policy header in your server or hosting configuration.
If you intend to use attribution-reporting, ensure that your app consider cross-browser quirks. Check for browser support using req.headers['user-agent'] and conditionally add the header:
const userAgent = req.headers['user-agent'];
if (userAgent.includes('Chrome/')) {
res.setHeader("Permissions-Policy", "attribution-reporting=()");
}
If the header is being added by a dependency (e.g., a library or hosting provider), update the dependency or override its configuration. If you're using Vercel, you might want to use a vercel.json file:
{
"headers": [
{
"source": "/(.*)",
"headers": [
{
"key": "Permissions-Policy",
"value": "geolocation=(), microphone=()"
}
]
}
]
}