Merge pull request #108 from PrivateBin/self-link-header-fix

disable header preventing opening links to self
2022-08-02 20:02:01 +02:00 · 2022-08-02 20:02:01 +02:00 · ba942807f0
commit ba942807f0
parent 1d74c1ae56 8796735e80
1 changed files with 4 additions and 1 deletions
--- a/etc/nginx/http.d/site.conf
+++ b/etc/nginx/http.d/site.conf
@ -11,7 +11,10 @@ server {
        # https://developers.cloudflare.com/cache/about/cache-control#other
        add_header Cache-Control "public, max-age=3600, must-revalidate, no-transform";
        add_header Cross-Origin-Embedder-Policy require-corp;
-        add_header Cross-Origin-Opener-Policy same-origin;
+        # disabled, because it prevents links from a paste to the same site to
+        # be opened. Didn't work with `same-origin-allow-popups` either.
+        # See issue #109 for details.
+        #add_header Cross-Origin-Opener-Policy same-origin;
        add_header Cross-Origin-Resource-Policy same-origin;
        add_header Referrer-Policy no-referrer;
        add_header X-Content-Type-Options nosniff;