From ad1ae29105ff5101b591bc29ed168eba5006f348 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bar=C4=B1=C5=9F=20Soner=20U=C5=9Fakl=C4=B1?=
Date: Wed, 10 May 2023 17:42:56 -0400
Subject: [PATCH] dep: closes #11577
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Breaking: Cross-Origin-Embedder-Policy middleware is now disabled by default. See #​411
---
 install/package.json | 2 +-
 src/webserver.js | 4 +---
 2 files changed, 2 insertions(+), 4 deletions(-)
diff --git a/install/package.json b/install/package.json
index 07d665ecc2..33d8fcdee1 100644
--- a/install/package.json
+++ b/install/package.json
@@ -67,7 +67,7 @@
 "file-loader": "6.2.0",
 "fs-extra": "11.1.1",
 "graceful-fs": "4.2.11",
- "helmet": "6.2.0",
+ "helmet": "7.0.0",
 "html-to-text": "9.0.5",
 "ipaddr.js": "2.0.1",
 "jquery": "3.6.4",
diff --git a/src/webserver.js b/src/webserver.js
index c0a1c8e537..8a70a3a2e3 100644
--- a/src/webserver.js
+++ b/src/webserver.js
@@ -192,11 +192,9 @@ function setupHelmet(app) {
 crossOriginOpenerPolicy: { policy: meta.config['cross-origin-opener-policy'] },
 crossOriginResourcePolicy: { policy: meta.config['cross-origin-resource-policy'] },
 referrerPolicy: { policy: 'strict-origin-when-cross-origin' },
+ crossOriginEmbedderPolicy: !!meta.config['cross-origin-embedder-policy'],
 };
- if (!meta.config['cross-origin-embedder-policy']) {
- options.crossOriginEmbedderPolicy = false;
- }
 if (meta.config['hsts-enabled']) {
 options.hsts = {
 maxAge: meta.config['hsts-maxage'],
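Review bot: The added `crossOriginEmbedderPolicy: !!meta.config['cross-origin-embedder-policy']` line in src/webserver.js is now the only thing that turns the Cross-Origin-Embedder-Policy header on under helmet 7, and nothing next to it says so, so a later cleanup could drop it as redundant and silently remove the header for sites that enabled it. I would add a comment above it such as `// helmet >= 7 leaves COEP off by default; the admin setting must enable it explicitly`. The `!!` coercion also treats any non-empty string as enabled, so if this setting can arrive as the string `'0'` (its type is not visible in the hunk) the header would be sent against the admin's choice; the removed `if (!…)` check behaved the same way, so this is something to confirm rather than a regression. Because a major bump of the header library can change other defaults too, a test asserting the emitted headers for both values of the setting would catch drift on the next upgrade. The body of setupHelmet starts and ends outside the hunk.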