From 46050ace1a65430fe1b567086727da22afab4f73 Mon Sep 17 00:00:00 2001
From: Julian Lam <julian@nodebb.org>
Date: Fri, 17 Jun 2022 11:21:41 -0400
Subject: [PATCH] Revert "feat: cross origin opener policy options (#10710)"

This reverts commit 881323583f16dc01068aa5af5343ce1f7c77c4aa.
---
 install/data/defaults.json                         | 1 -
 public/language/en-GB/admin/settings/advanced.json | 1 -
 src/views/admin/settings/advanced.tpl              | 9 ---------
 src/webserver.js                                   | 2 +-
 4 files changed, 1 insertion(+), 12 deletions(-)

diff --git a/install/data/defaults.json b/install/data/defaults.json
index 3f0e428fce..ee355aadab 100644
--- a/install/data/defaults.json
+++ b/install/data/defaults.json
@@ -154,7 +154,6 @@
     "digestHour": 17,
     "passwordExpiryDays": 0,
     "cross-origin-embedder-policy": 0,
-    "cross-origin-opener-policy": "same-origin",
     "cross-origin-resource-policy": "same-origin",
     "hsts-maxage": 31536000,
     "hsts-subdomains": 0,
diff --git a/public/language/en-GB/admin/settings/advanced.json b/public/language/en-GB/admin/settings/advanced.json
index e372d48d70..ddf000be64 100644
--- a/public/language/en-GB/admin/settings/advanced.json
+++ b/public/language/en-GB/admin/settings/advanced.json
@@ -17,7 +17,6 @@
 	"headers.acah": "Access-Control-Allow-Headers",
 	"headers.coep": "Cross-Origin-Embedder-Policy",
 	"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
-	"headers.coop": "Cross-Origin-Opener-Policy",
 	"headers.corp": "Cross-Origin-Resource-Policy",
 	"hsts": "Strict Transport Security",
 	"hsts.enabled": "Enabled HSTS (recommended)",
diff --git a/src/views/admin/settings/advanced.tpl b/src/views/admin/settings/advanced.tpl
index ae8f6e5c4d..6f997604e6 100644
--- a/src/views/admin/settings/advanced.tpl
+++ b/src/views/admin/settings/advanced.tpl
@@ -73,15 +73,6 @@
 				</label>
 			</div>
 			<p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p>
-			<div class="form-group">
-				<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.coop]]</label>
-				<select class="form-control" id="cross-origin-opener-policy" data-field="cross-origin-opener-policy">
-					<option value="same-origin">same-origin</option>
-					<option value="same-origin-allow-popups">same-origin-allow-popups</option>
-					<option value="unsafe-none">unsafe-none</option>
-				</select>
-			</div>
-
 			<div class="form-group">
 				<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label>
 				<select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy">
diff --git a/src/webserver.js b/src/webserver.js
index 647a0c777a..f12c4658b2 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -196,7 +196,7 @@ function setupHelmet(app) {
 	if (meta.config['cross-origin-embedder-policy']) {
 		app.use(helmet.crossOriginEmbedderPolicy());
 	}
-	app.use(helmet.crossOriginOpenerPolicy({ policy: meta.config['cross-origin-opener-policy'] }));
+	app.use(helmet.crossOriginOpenerPolicy());
 	app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] }));
 	app.use(helmet.dnsPrefetchControl());
 	app.use(helmet.expectCt());