Skip to content

MacareuxDigital/md_security_header_extended

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

22 Commits

controllers/single_page/dashboard/system/environment

controllers/single_page/dashboard/system/environment

 
 

install

install

 
 

single_pages/dashboard/system/environment

single_pages/dashboard/system/environment

 
 

src/Http/Middleware

src/Http/Middleware

 
 

.gitignore

.gitignore

 
 

CHANGELOG.md

CHANGELOG.md

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

controller.php

controller.php

 
 

icon.png

icon.png

 
 

Repository files navigation

Concrete CMS Package: Macareux Security Header Extended

Add security header to mitigate some types of attacks.

If you consider to mitigate CVE-2021-22954 without editing server configuration, you can use this add-on.
Ref: CVE-2021-22954 and mitigations below Concrete Version 9

Supported Headers

  • Cross-Origin-Resource-Policy (CORP)
  • Cross-Origin-Opener-Policy (COOP)
  • Cross-Origin-Embedder-Policy (COEP)
  • Access-Control-Allow-Origin

Headers supported by core

  • X-Frame-Options
  • Strict-Transport-Security (HSTS) (v9+)
  • Content Security Policy (CSP) (v9+)

Todo

  • X-XSS-Protection (Recommended not to set)
  • X-Content-Type-Options

About

Concrete CMS Package: Macareux Security Header Extended

marketplace.concretecms.com/marketplace/addons/macareux-security-header-extended/

Topics

concretecms

Resources

Readme

License

MIT license
Activity
Custom properties

Stars

0 stars

Watchers

4 watching

Forks

0 forks
Report repository

Releases

2 tags

Packages

No packages published

Contributors 2

  •  
  •  

Languages