Public

Project privacy set to public. By default, its content is available to everyone (authenticated or not). Please note that more restrictive permissions might exist on some items.

stable

Clone or download

Read-only

request #18442: Set the Cross-Origin-Opener-Policy to same-origin on every responses

Download Browse

The Cross-Origin-Opener-Policy header is a security feature to prevent some cross-origin attacks. More information can be found on the MDN page [0] or the specification [1]. See also a proposal to enable COOP by default on browsers [2]. To test, you need to redeploy the nginx configuration. A COOP header should be present in every responses. [0] https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Cross-Origin-Opener-Policy [1] https://html.spec.whatwg.org/multipage/origin.html#cross-origin-opener-policies [2] https://github.com/mikewest/coop-by-default/ Change-Id: I78b574bc8133224710059e554e0ee16bb6d208c5

+8 −3
Thomas Gerbet (tgerbet) 2020-12-11 13:54
Thomas Gerbet (tgerbet) 2020-12-11 14:30
1dca95959dfddea47b414c7cb932b87047635b6c
260fc839a4b1697ffe9fcf9103af1825ecddc65a
git #tuleap/stable/1dca95959dfddea47b414c7cb932b87047635b6c

Modified Files

Side by side diff
Inline diff
Name
M src/etc/nginx/tuleap.d/03-locations.conf +4 −3 Go to diff View file
A src/etc/nginx/tuleap.d/10-cross-origin-opener-policy.conf +4 −0 Go to diff View file