Elgato_dark/bunkerweb
1
0
Fork 0
mirror of https://github.com/bunkerity/bunkerweb synced 2026-05-24 09:28:37 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions

feat: remove X-XSS-Protection header and related configuration from plugin

Browse source
This commit is contained in:
Théophile Diot 2024-12-20 15:29:34 +01:00
parent 1092ea0e00
commit ac81936f9d
No known key found for this signature in database
GPG key ID: FA995104A0BA376A
2 changed files with 1 additions and 11 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
src/common/core/headers/headers.lua
View file

@ -21,7 +21,6 @@ function headers:initialize(ctx)
["PERMISSIONS_POLICY"] = "Permissions-Policy",
["X_FRAME_OPTIONS"] = "X-Frame-Options",
["X_CONTENT_TYPE_OPTIONS"] = "X-Content-Type-Options",
["X_XSS_PROTECTION"] = "X-XSS-Protection",
["X_DNS_PREFETCH_CONTROL"] = "X-DNS-Prefetch-Control",
}
-- Load data from datastore if needed

11
src/common/core/headers/plugin.json
View file

@ -90,7 +90,7 @@
},
"PERMISSIONS_POLICY": {
"context": "multisite",
"default": "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), interest-cohort=()",
"default": "accelerometer=(), ambient-light-sensor=(), attribution-reporting=(), autoplay=(), battery=(), bluetooth=(), browsing-topics=(), camera=(), compute-pressure=(), display-capture=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), gamepad=(), geolocation=(), gyroscope=(), hid=(), identity-credentials-get=(), idle-detection=(), local-fonts=(), magnetometer=(), microphone=(), midi=(), otp-credentials=(), payment=(), picture-in-picture=(), publickey-credentials-create=(), publickey-credentials-get=(), screen-wake-lock=(), serial=(), speaker-selection=(), storage-access=(), usb=(), web-share=(), window-management=(), xr-spatial-tracking=(), interest-cohort=()",
"help": "Value for the Permissions-Policy header.",
"id": "permissions-policy",
"label": "Permissions-Policy",
@ -117,15 +117,6 @@
"type": "select",
"select": ["", "nosniff"]
},
"X_XSS_PROTECTION": {
"context": "multisite",
"default": "1; mode=block",
"help": "Value for the X-XSS-Protection header.",
"id": "x-xss-protection",
"label": "X-XSS-Protection",
"regex": "^(0|1(; (mode=block|report=https?:\\/\\/[\\-\\w@:%.+~#=]+[\\-\\w\\(\\)!@:%+.~#?&\\/=$]*))?)?$",
"type": "text"
},
"X_DNS_PREFETCH_CONTROL": {
"context": "multisite",
"default": "off",