From 5e9547f9ac8114480d127884a10fbeb54ef10e2d Mon Sep 17 00:00:00 2001 From: Wilco Alsemgeest Date: Thu, 14 Jan 2021 22:24:22 +0100 Subject: [PATCH] Add COOP Header See https://github.com/joomla/operations-pm/issues/19 for details from JSST. As well public information https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy --- www/.htaccess | 2 ++ 1 file changed, 2 insertions(+) diff --git a/www/.htaccess b/www/.htaccess index 470f8cf..7161fb2 100644 --- a/www/.htaccess +++ b/www/.htaccess @@ -18,6 +18,8 @@ Header always set Referrer-Policy "no-referrer-when-downgrade" # Strict-Transport-Security Header always set Strict-Transport-Security "max-age=31536000; includeSubDomains" + # Cross-Origin-Opener-Policy + Header always set Cross-Origin-Opener-Policy "same-origin" # Content-Security-Policy Header always set Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' https://*.google-analytics.com https://*.googletagmanager.com https://*.pingdom.net https://code.jquery.com; style-src 'self' 'unsafe-inline' https://cdn.joomla.org https://fonts.googleapis.com; connect-src 'self' https://*.pingdom.net https://*.google-analytics.com https://*.doubleclick.net; frame-src 'self' https://*.googletagmanager.com; font-src 'self' https://cdn.joomla.org https://fonts.gstatic.com; img-src 'self' https://*.google-analytics.com https://*.googletagmanager.com https://*.joomla.org https://*.pingdom.net https://*.doubleclick.net; report-uri https://joomla.report-uri.com/r/t/csp/enforce"