mirror of
https://github.com/NodeBB/NodeBB.git
synced 2026-05-06 17:16:28 +02:00
feat: cross origin opener policy options (#10710)
committed by
GitHub
parent
20b75b24ad
commit
881323583f
@@ -154,6 +154,7 @@
|
|||||||
"digestHour": 17,
|
"digestHour": 17,
|
||||||
"passwordExpiryDays": 0,
|
"passwordExpiryDays": 0,
|
||||||
"cross-origin-embedder-policy": 0,
|
"cross-origin-embedder-policy": 0,
|
||||||
|
"cross-origin-opener-policy": "same-origin",
|
||||||
"cross-origin-resource-policy": "same-origin",
|
"cross-origin-resource-policy": "same-origin",
|
||||||
"hsts-maxage": 31536000,
|
"hsts-maxage": 31536000,
|
||||||
"hsts-subdomains": 0,
|
"hsts-subdomains": 0,
|
||||||
|
|||||||
@@ -17,6 +17,7 @@
|
|||||||
"headers.acah": "Access-Control-Allow-Headers",
|
"headers.acah": "Access-Control-Allow-Headers",
|
||||||
"headers.coep": "Cross-Origin-Embedder-Policy",
|
"headers.coep": "Cross-Origin-Embedder-Policy",
|
||||||
"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
|
"headers.coep-help": "When enabled (default), will set the header to <code>require-corp</code>",
|
||||||
|
"headers.coop": "Cross-Origin-Opener-Policy",
|
||||||
"headers.corp": "Cross-Origin-Resource-Policy",
|
"headers.corp": "Cross-Origin-Resource-Policy",
|
||||||
"hsts": "Strict Transport Security",
|
"hsts": "Strict Transport Security",
|
||||||
"hsts.enabled": "Enabled HSTS (recommended)",
|
"hsts.enabled": "Enabled HSTS (recommended)",
|
||||||
|
|||||||
@@ -73,6 +73,15 @@
|
|||||||
</label>
|
</label>
|
||||||
</div>
|
</div>
|
||||||
<p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p>
|
<p class="help-block">[[admin/settings/advanced:headers.coep-help]]</p>
|
||||||
|
<div class="form-group">
|
||||||
|
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.coop]]</label>
|
||||||
|
<select class="form-control" id="cross-origin-opener-policy" data-field="cross-origin-opener-policy">
|
||||||
|
<option value="same-origin">same-origin</option>
|
||||||
|
<option value="same-origin-allow-popups">same-origin-allow-popups</option>
|
||||||
|
<option value="unsafe-none">unsafe-none</option>
|
||||||
|
</select>
|
||||||
|
</div>
|
||||||
|
|
||||||
<div class="form-group">
|
<div class="form-group">
|
||||||
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label>
|
<label for="cross-origin-resource-policy">[[admin/settings/advanced:headers.corp]]</label>
|
||||||
<select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy">
|
<select class="form-control" id="cross-origin-resource-policy" data-field="cross-origin-resource-policy">
|
||||||
|
|||||||
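Review bot: The new label for the opener-policy select carries `for="cross-origin-resource-policy"`, copied from the CORP group below, while its select has `id="cross-origin-opener-policy"`; it should read `<label for="cross-origin-opener-policy">[[admin/settings/advanced:headers.coop]]</label>` so the label is tied to the right control. The group also has no `help-block`, unlike the COEP setting directly above it, so an administrator gets no hint that `unsafe-none` turns opener isolation off. Nor does it say that `same-origin-allow-popups` is the value to pick when pop-ups the forum opens (for example a third-party login window) must keep their opener reference. A short help string, say `headers.coop-help`, next to the new `headers.coop` key would cover that.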
@@ -196,7 +196,7 @@ function setupHelmet(app) {
|
|||||||
if (meta.config['cross-origin-embedder-policy']) {
|
if (meta.config['cross-origin-embedder-policy']) {
|
||||||
app.use(helmet.crossOriginEmbedderPolicy());
|
app.use(helmet.crossOriginEmbedderPolicy());
|
||||||
}
|
}
|
||||||
app.use(helmet.crossOriginOpenerPolicy());
|
app.use(helmet.crossOriginOpenerPolicy({ policy: meta.config['cross-origin-opener-policy'] }));
|
||||||
app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] }));
|
app.use(helmet.crossOriginResourcePolicy({ policy: meta.config['cross-origin-resource-policy'] }));
|
||||||
app.use(helmet.dnsPrefetchControl());
|
app.use(helmet.dnsPrefetchControl());
|
||||||
app.use(helmet.expectCt());
|
app.use(helmet.expectCt());
|
||||||
|
|||||||
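Review bot: The stored setting is handed to helmet unchecked in `helmet.crossOriginOpenerPolicy({ policy: meta.config['cross-origin-opener-policy'] })`, and helmet, as far as I know, throws on a policy string it does not support. A value outside the three offered in the ACP (written through an import or directly in the database) would then abort `setupHelmet` during start-up rather than fall back to a safe header. Checking against the allowed set first keeps the hardened default: `const coop = meta.config['cross-origin-opener-policy'];` followed by `app.use(helmet.crossOriginOpenerPolicy({ policy: ['same-origin', 'same-origin-allow-popups', 'unsafe-none'].includes(coop) ? coop : 'same-origin' }));`. The unchanged `crossOriginResourcePolicy` line below has the same shape. `setupHelmet` starts and ends outside the hunk, and because the middleware is registered there, a changed setting presumably takes effect only after a restart, which a one-line comment above the call could state.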