From 53c4ac4f46cbdb11296b39976707c10142f7bd6a Mon Sep 17 00:00:00 2001 From: Wilco Alsemgeest Date: Thu, 14 Jan 2021 22:12:15 +0100 Subject: [PATCH] Add COOP Header See https://github.com/joomla/operations-pm/issues/19 for details from JSST. As well public information https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy --- .htaccess | 2 ++ 1 file changed, 2 insertions(+) diff --git a/.htaccess b/.htaccess index 986c1ab..68b69ab 100644 --- a/.htaccess +++ b/.htaccess @@ -207,6 +207,8 @@ RewriteRule .* index.php [L] Header always set Referrer-Policy "no-referrer-when-downgrade" # Strict-Transport-Security Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" + # Cross-Origin-Opener-Policy + Header always set Cross-Origin-Opener-Policy "same-origin" # Content-Security-Policy-Report-Only Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://hcaptcha.com https://*.hcaptcha.com https://*.google-analytics.com https://*.googletagmanager.com https://*.googleapis.com https://*.gstatic.com https://*.google.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.googleapis.com; style-src 'self' 'unsafe-inline' https://*.joomla.org https://hcaptcha.com https://*.hcaptcha.com https://fonts.googleapis.com https://stackpath.bootstrapcdn.com; connect-src 'self' https://*.joomla.org https://*.pingdom.net https://*.google-analytics.com https://*.doubleclick.net; frame-src 'self' https://hcaptcha.com https://*.hcaptcha.com https://*.google.com https://www.googletagmanager.com https://www.youtube.com; font-src 'self' https://fonts.gstatic.com https://*.joomla.org; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net https://*.gstatic.com https://*.google.com https://*.googleapis.com; frame-ancestors 'self'; report-uri https://joomla.report-uri.com/r/t/csp/enforce"