Theme: Default
-------
Hi!
I made changes (see below) and use the extension "Opencart Security HTTP Headers - Customer Browser Security"
https://www.opencart.com/index.php?rout ... n_id=38035
Change from Feature-Policy to Permissions-Policy, adjust the code in the header.
Find:
Code:
$fp_header .= $key." ".$value."; ";
Code:
$fp_header .= $key."=(".$value."), ";
Code:
!empty($fp_header) ? $this->response->addHeader('Feature-Policy: '.$fp_header) : false;
Code:
!empty($fp_header) ? $this->response->addHeader('Permissions-Policy: '.$fp_header) : false;
Code:
$this->response->addHeader('Expect-CT: max-age='.$security_headers_settings['Expect_CT']['max_age'].'; '.$security_headers_settings['Expect_CT']['report_uri']);
Everything works, but in the report from www.hardenize.com I receive:
Expect-CT Policy: Invalid (Invalid policy syntax)
max-age=604800, https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
The policy provided by the server is invalid and can't be parsed. Please refer to the Expect-CT specification for more information. If you're configured your policy based on an older version of the specification, please note that newer versions use commas to separate directives. URLs should be enclosed in double quotes.
How do I do this (URLs should be enclosed in double quotes) in this line:
Code:
$this->response->addHeader('Expect-CT: max-age='.$security_headers_settings['Expect_CT']['max_age'].', '.$security_headers_settings['Expect_CT']['report_uri']);
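Added example, not part of the original post or the extension's own code: the Expect-CT syntax the scanner asks for is comma-separated directives with the reporting URL inside a named, double-quoted `report-uri` directive. `buildExpectCtHeader()` is a hypothetical helper, the settings array is a constructed sample mirroring the shape used in the post, and requiring an https report URL is a choice made for this example.

```php
<?php
// Hypothetical helper (not part of the extension): builds an Expect-CT header line
// in the form  Expect-CT: max-age=N[, enforce][, report-uri="URL"]
function buildExpectCtHeader(int $maxAge, string $reportUri = '', bool $enforce = false): string
{
    if ($maxAge < 0) {
        throw new InvalidArgumentException('max-age must be a non-negative integer');
    }
    $directives = ['max-age=' . $maxAge];
    if ($enforce) {
        $directives[] = 'enforce';
    }

    $reportUri = trim($reportUri);
    if ($reportUri !== '') {
        // A quote, backslash, space or control character (CR/LF included) in the
        // configured value would end the quoted string early or split the header line.
        if (preg_match('/["\\\\\x00-\x20\x7f]/', $reportUri)) {
            throw new InvalidArgumentException('report-uri contains characters not allowed in a quoted URL');
        }
        // Assumption for this example: only absolute https URLs are accepted.
        $scheme = strtolower((string) parse_url($reportUri, PHP_URL_SCHEME));
        if (filter_var($reportUri, FILTER_VALIDATE_URL) === false || $scheme !== 'https') {
            throw new InvalidArgumentException('report-uri must be an absolute https URL');
        }
        // The URL goes inside double quotes, after the directive name.
        $directives[] = 'report-uri="' . $reportUri . '"';
    }

    // Directives are separated by commas, not semicolons.
    return 'Expect-CT: ' . implode(', ', $directives);
}

// Constructed sample settings, same array shape as in the post.
$security_headers_settings = [
    'Expect_CT' => [
        'max_age'    => '604800',
        'report_uri' => 'https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct',
    ],
];
$ct = $security_headers_settings['Expect_CT'];
echo buildExpectCtHeader((int) $ct['max_age'], $ct['report_uri']), PHP_EOL;

// Inside the OpenCart controller the same string would be passed to the call from the post:
// $this->response->addHeader(buildExpectCtHeader((int) $ct['max_age'], $ct['report_uri']));
```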