Post by Seer.Domains » Mon Jan 10, 2022 7:08 pm

OC Version: 3.0.3.8
Theme: Default
-------
Hi!
I made changes (see below) and use the extension "Opencart Security HTTP Headers - Customer Browser Security"
https://www.opencart.com/index.php?rout ... n_id=38035

To change from Feature-Policy to Permissions-Policy, adjust the code in the header.
Find:

Code:

$fp_header .= $key." ".$value."; ";

Replace:

Code:

$fp_header .= $key."=(".$value."), ";

Find:

Code:

!empty($fp_header) ? $this->response->addHeader('Feature-Policy: '.$fp_header) : false;

Replace:

Code:

!empty($fp_header) ? $this->response->addHeader('Permissions-Policy: '.$fp_header) : false;

In row 88:

Code:

$this->response->addHeader('Expect-CT: max-age='.$security_headers_settings['Expect_CT']['max_age'].'; '.$security_headers_settings['Expect_CT']['report_uri']);

I found '; ' and replaced it with ', '

Everything works, but in the report from www.hardenize.com I receive:
Expect-CT Policy: Invalid (Invalid policy syntax)
The policy provided by the server is invalid and can't be parsed. Please refer to the Expect-CT specification for more information. If you're configured your policy based on an older version of the specification, please note that newer versions use commas to separate directives. URLs should be enclosed in double quotes.
max-age=604800, https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct
How do I do this (URLs should be enclosed in double quotes) in this row?

Code:

$this->response->addHeader('Expect-CT: max-age='.$security_headers_settings['Expect_CT']['max_age'].', '.$security_headers_settings['Expect_CT']['report_uri']);
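
One way to produce the syntax the report asks for (comma-separated directives, report URL as a quoted string), shown as an added example that is not part of the original post or the extension's own code. The helper name build_expect_ct() is hypothetical, and accepting only https report URLs is a choice made for this example.

```php
<?php
// Added example: build an Expect-CT header value with comma-separated
// directives and the report URI as a double-quoted string.
// build_expect_ct() is a hypothetical helper, not part of the extension.
function build_expect_ct($max_age, $report_uri = '', $enforce = false)
{
    // max-age is required: digits only, so no sign, spaces or line breaks.
    if (!preg_match('/^\d+\z/', (string)$max_age)) {
        throw new InvalidArgumentException('max-age must be a non-negative integer');
    }
    $directives = array('max-age=' . (string)$max_age);

    if ($enforce) {
        $directives[] = 'enforce';
    }

    // Tolerate a stored setting that already carries the directive name
    // or surrounding quotes, then re-add both in a controlled way.
    $report_uri = trim((string)$report_uri);
    $report_uri = preg_replace('/^report-uri\s*=\s*/i', '', $report_uri);
    $report_uri = trim($report_uri, "\"' ");

    if ($report_uri !== '') {
        // Assumption for this example: only absolute https URLs are accepted.
        // Quotes, backslashes and line breaks are rejected so the value cannot
        // break out of the quoted string or inject a second header.
        if (!filter_var($report_uri, FILTER_VALIDATE_URL)
            || stripos($report_uri, 'https://') !== 0
            || preg_match('/["\\\\\r\n]/', $report_uri)) {
            throw new InvalidArgumentException('report-uri must be an absolute https URL');
        }
        $directives[] = 'report-uri="' . $report_uri . '"';
    }

    return implode(', ', $directives);
}

// Sample values taken from the report quoted in the post.
echo 'Expect-CT: ' . build_expect_ct(
    604800,
    'https://report-uri.cloudflare.com/cdn-cgi/beacon/expect-ct'
), PHP_EOL;

// In row 88 the call would then read (setting names as in the post):
// $this->response->addHeader('Expect-CT: ' . build_expect_ct(
//     $security_headers_settings['Expect_CT']['max_age'],
//     $security_headers_settings['Expect_CT']['report_uri']));
```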
