From c2cca7357c3b095ce7e6ca3cf39948ef9a7ef530 Mon Sep 17 00:00:00 2001 From: Frank Hochmuth Date: Fri, 12 Apr 2024 22:21:09 +0200 Subject: [PATCH] Update plugin.fpprotect.php Feature policy removed, as outdated/only possible with older browsers --- fp-plugins/fpprotect/plugin.fpprotect.php | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/fp-plugins/fpprotect/plugin.fpprotect.php b/fp-plugins/fpprotect/plugin.fpprotect.php index f68128cf..607fee4d 100644 --- a/fp-plugins/fpprotect/plugin.fpprotect.php +++ b/fp-plugins/fpprotect/plugin.fpprotect.php @@ -14,8 +14,7 @@ header('X-WebKit-CSP: default-src https: data:; frame-src https: data:; base-uri \'self\'; font-src https: data:; script-src https: \'unsafe-inline\' \'unsafe-eval\' blob:; style-src https: \'unsafe-inline\'; img-src https: data: blob:; frame-ancestors \'self\'; manifest-src \'self\'; worker-src \'self\' blob:; connect-src https: blob:; media-src \'self\' blob:; child-src \'self\' blob:; form-action \'self\'; object-src \'self\''); // End of Content Security Policy rules -header('Feature-Policy: interest-cohort \'none\'; autoplay \'self\'; camera \'self\'; fullscreen *; geolocation \'self\'; microphone \'self\'; payment \'none\''); // Goodbye Feature Policy! // thx Nextcloud-Maps-App, github.com/nextcloud -header('Permissions-Policy: interest-cohort=(), autoplay=(self), camera=(self), fullscreen=*, geolocation=(self), microphone=(self), payment=()'); // Hello Permissions Policy! // thx Nextcloud-Maps-App, github.com/nextcloud +header('Permissions-Policy: interest-cohort=(), autoplay=(self), camera=(self), fullscreen=*, geolocation=(self), microphone=(self), payment=()'); header('Referrer-Policy: strict-origin-when-cross-origin'); header('Strict-Transport-Security: max-age=15552000; includeSubDomains'); header('X-Permitted-Cross-Domain-Policies: none');