hyperzlib
/
nodebb
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Revert "feat: cross origin opener policy options (#10710)"

Browse Source 
This reverts commit 881323583f.
isekai-main
Julian Lam 3 years ago
parent 9f291c07d3
commit 46050ace1a
4 changed files with 1 additions and 12 deletions
Show Stats Download Patch File Download Diff File

1
install/data/defaults.json
Unescape Escape View File

@ -154,7 +154,6 @@
"digestHour": 17, "digestHour": 17,
"passwordExpiryDays": 0, "passwordExpiryDays": 0,
"cross-origin-embedder-policy": 0, "cross-origin-embedder-policy": 0,
"cross-origin-opener-policy": "same-origin",
"cross-origin-resource-policy": "same-origin", "cross-origin-resource-policy": "same-origin",
"hsts-maxage": 31536000, "hsts-maxage": 31536000,
"hsts-subdomains": 0, "hsts-subdomains": 0,

1
public/language/en-GB/admin/settings/advanced.json
Unescape Escape View File

@ -17,7 +17,6 @@
"headers.acah": "Access-Control-Allow-Headers", "headers.acah": "Access-Control-Allow-Headers",
"headers.coep": "Cross-Origin-Embedder-Policy", "headers.coep": "Cross-Origin-Embedder-Policy",
"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>", "headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
"headers.coop": "Cross-Origin-Opener-Policy",
"headers.corp": "Cross-Origin-Resource-Policy", "headers.corp": "Cross-Origin-Resource-Policy",
"hsts": "Strict Transport Security", "hsts": "Strict Transport Security",
"hsts.enabled": "Enabled HSTS (recommended)", "hsts.enabled": "Enabled HSTS (recommended)",

9
src/views/admin/settings/advanced.tpl
Unescape Escape View File

@ -73,15 +73,6 @@
</label> </label>
</div> </div>
<p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p> <p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p>
<div class="form-group">
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.coop]]</label>
<select class="form-control" id="cross-origin-opener-policy" data-field="cross-origin-opener-policy">
<option value="same-origin">same-origin</option>
<option value="same-origin-allow-popups">same-origin-allow-popups</option>
<option value="unsafe-none">unsafe-none</option>
</select>
</div>
<div class="form-group"> <div class="form-group">
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label> <label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label>
<select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy"> <select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy">

2
src/webserver.js
Unescape Escape View File

@ -196,7 +196,7 @@ function setupHelmet(app) {
if (meta.config['cross-origin-embedder-policy']) { if (meta.config['cross-origin-embedder-policy']) {
app.use(helmet.crossOriginEmbedderPolicy()); app.use(helmet.crossOriginEmbedderPolicy());
} }
app.use(helmet.crossOriginOpenerPolicy({ policy: meta.config['cross-origin-opener-policy'] })); app.use(helmet.crossOriginOpenerPolicy());
app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] })); app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] }));
app.use(helmet.dnsPrefetchControl()); app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt()); app.use(helmet.expectCt());

Write Preview
Loading…
Cancel
Save