From 881323583f16dc01068aa5af5343ce1f7c77c4aa Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?= Date: Fri, 17 Jun 2022 09:40:02 -0400 Subject: [PATCH] feat: cross origin opener policy options (#10710) --- install/data/defaults.json | 1 + public/language/en-GB/admin/settings/advanced.json | 1 + src/views/admin/settings/advanced.tpl | 9 +++++++++ src/webserver.js | 2 +- 4 files changed, 12 insertions(+), 1 deletion(-) diff --git a/install/data/defaults.json b/install/data/defaults.json index ee355aadab..3f0e428fce 100644 --- a/install/data/defaults.json +++ b/install/data/defaults.json @@ -154,6 +154,7 @@ "digestHour": 17, "passwordExpiryDays": 0, "cross-origin-embedder-policy": 0, + "cross-origin-opener-policy": "same-origin", "cross-origin-resource-policy": "same-origin", "hsts-maxage": 31536000, "hsts-subdomains": 0, diff --git a/public/language/en-GB/admin/settings/advanced.json b/public/language/en-GB/admin/settings/advanced.json index ddf000be64..e372d48d70 100644 --- a/public/language/en-GB/admin/settings/advanced.json +++ b/public/language/en-GB/admin/settings/advanced.json @@ -17,6 +17,7 @@ "headers.acah": "Access-Control-Allow-Headers", "headers.coep": "Cross-Origin-Embedder-Policy", "headers.coep-help": "When enabled (default), will set the header to require-corp", + "headers.coop": "Cross-Origin-Opener-Policy", "headers.corp": "Cross-Origin-Resource-Policy", "hsts": "Strict Transport Security", "hsts.enabled": "Enabled HSTS (recommended)", diff --git a/src/views/admin/settings/advanced.tpl b/src/views/admin/settings/advanced.tpl index 6f997604e6..ae8f6e5c4d 100644 --- a/src/views/admin/settings/advanced.tpl +++ b/src/views/admin/settings/advanced.tpl @@ -73,6 +73,15 @@

[[admin/settings/advanced:headers.coep-help]]

+
+ + +
+