Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2026-05-07 00:06:33 +02:00
Code Issues Packages Projects Releases Wiki Activity

Revert "Revert "feat: cross origin opener policy options (#10710)""

Browse Source 
This reverts commit 46050ace1a.
This commit is contained in:
Julian Lam
2022-06-17 11:22:57 -04:00
parent 97baa8f2f7
commit 0d68643bcb
4 changed files with 12 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
src/views/admin/settings/advanced.tpl
View File

@@ -73,6 +73,15 @@
</label>
</div>
<p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p>
<div class="form-group">
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.coop]]</label>
<select class="form-control" id="cross-origin-opener-policy" data-field="cross-origin-opener-policy">
<option value="same-origin">same-origin</option>
<option value="same-origin-allow-popups">same-origin-allow-popups</option>
<option value="unsafe-none">unsafe-none</option>
</select>
</div>
<div class="form-group">
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label>
<select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy">

2
src/webserver.js
View File

@@ -196,7 +196,7 @@ function setupHelmet(app) {
if (meta.config['cross-origin-embedder-policy']) {
app.use(helmet.crossOriginEmbedderPolicy());
}
app.use(helmet.crossOriginOpenerPolicy());
app.use(helmet.crossOriginOpenerPolicy({ policy: meta.config['cross-origin-opener-policy'] }));
app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] }));
app.use(helmet.dnsPrefetchControl());
app.use(helmet.expectCt());