From e740d0f761102209dc5bba92b5fe5f109bcd2c59 Mon Sep 17 00:00:00 2001 From: rugk Date: Mon, 22 Aug 2022 13:25:56 +0200 Subject: [PATCH] Remove COOP header for now Same as https://github.com/PrivateBin/docker-nginx-fpm-alpine/pull/108 Disable the header here as it breaks links to the own site. --- lib/Controller.php | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/lib/Controller.php b/lib/Controller.php index a6fd0a5b..62fa1e99 100644 --- a/lib/Controller.php +++ b/lib/Controller.php @@ -341,7 +341,10 @@ class Controller header('Content-Security-Policy: ' . $this->_conf->getKey('cspheader')); header('Cross-Origin-Resource-Policy: same-origin'); header('Cross-Origin-Embedder-Policy: require-corp'); - header('Cross-Origin-Opener-Policy: same-origin'); + // disabled, because it prevents links from a paste to the same site to + // be opened. Didn't work with `same-origin-allow-popups` either. + // See issue https://github.com/PrivateBin/PrivateBin/issues/970 for details. + // header('Cross-Origin-Opener-Policy: same-origin'); header('Permissions-Policy: browsing-topics=()'); header('Referrer-Policy: no-referrer'); header('X-Content-Type-Options: nosniff');