Add new security headers

2021-05-14 18:10:48 +02:00
parent 410ba40993
commit 3d319cb04b
1 changed files with 3 additions and 0 deletions
--- a/url.php
+++ b/url.php
@ -125,6 +125,9 @@ function send_headers(array $styles = []){
 	header('Expires: 0');
 	header('Referrer-Policy: no-referrer');
 	header("Permissions-Policy: accelerometer=(), ambient-light-sensor=(), autoplay=(), battery=(), camera=(), cross-origin-isolated=(), display-capture=(), document-domain=(), encrypted-media=(), execution-while-not-rendered=(), execution-while-out-of-viewport=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), navigation-override=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=(), usb=(), web-share=(), xr-spatial-tracking=(), clipboard-read=(), clipboard-write=(), gamepad=(), speaker-selection=(), conversion-measurement=(), focus-without-user-activation=(), hid=(), idle-detection=(), sync-script=(), vertical-scroll=(), serial=(), trust-token-redemption=()");
+	header("Cross-Origin-Embedder-Policy: require-corp");
+	header("Cross-Origin-Opener-Policy: same-origin");
+	header("Cross-Origin-Resource-Policy: same-origin");
 	$style_hashes = '';
 	foreach($styles as $style) {
 		$style_hashes .= " 'sha256-".base64_encode(hash('sha256', $style, true))."'";