Skip to content

HttpHeader 1.0.7
Compare
Choose a tag to compare
@zero-24 zero-24 released this 11 Aug 19:06
· 56 commits to master since this release
1.0.7
This tag was signed with the committer’s verified signature.
zero-24 Tobias Zulauf
GPG key ID: A041B880A124AF84
Learn about vigilant mode.
42a5609
This commit was signed with the committer’s verified signature.
zero-24 Tobias Zulauf
GPG key ID: A041B880A124AF84
Learn about vigilant mode.

This is the seventh patch release of the HttpHeader Plugin.

Changelog

  • Append optional style and script hashes for script-src and style-src
  • Add the csp directive 'frame-ancestors' when the x-frame-options option is enabled
  • Make sure csp headers are not added to the server config file as they are not static
  • make sure only headers marked as both are added to the serverconfig files.

Features

This plugin allows you to set all security http headers using a Joomla plugin:

  • Strict-Transport-Security
  • Content-Security-Policy
  • Content-Security-Policy-Report-Only
  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Referrer-Policy
  • Expect-CT
  • Feature-Policy

This plugin also comes with some easy defaults for:

  • X-Frame-Options
  • X-XSS-Protection
  • X-Content-Type-Options
  • Referrer-Policy
Assets 3
Loading