Remove COOP header for now

Same as https://github.com/PrivateBin/docker-nginx-fpm-alpine/pull/108

Disable the header here as it breaks links to the own site.
This commit is contained in:
rugk 2022-08-22 13:25:56 +02:00 committed by GitHub
parent 628700afb1
commit e740d0f761
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -341,7 +341,10 @@ class Controller
header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader')); header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader'));
header('Cross-Origin-Resource-Policy: same-origin'); header('Cross-Origin-Resource-Policy: same-origin');
header('Cross-Origin-Embedder-Policy: require-corp'); header('Cross-Origin-Embedder-Policy: require-corp');
header('Cross-Origin-Opener-Policy: same-origin'); // disabled, because it prevents links from a paste to the same site to
// be opened. Didn't work with `same-origin-allow-popups` either.
// See issue https://github.com/PrivateBin/PrivateBin/issues/970 for details.
// header('Cross-Origin-Opener-Policy: same-origin');
header('Permissions-Policy: browsing-topics=()'); header('Permissions-Policy: browsing-topics=()');
header('Referrer-Policy: no-referrer'); header('Referrer-Policy: no-referrer');
header('X-Content-Type-Options: nosniff'); header('X-Content-Type-Options: nosniff');