* Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme

- fix OCSP Stapling support [SME: 12819] - fix .well-known/security.txt [SME: 12818] - add X-Permitted-Cross-Domain-Policies header [SME: 12857] - add Cross-Origin headers [SME: 12856] - add Permissions-Policy header [SME: 12855]
2025-01-02 00:13:14 -05:00 · 2025-01-02 00:13:14 -05:00 · 1bfad8c651
commit 1bfad8c651
parent aecee0e087
6 changed files with 17 additions and 3 deletions
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL36SSLStapling
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/35SSL36SSLStapling
@ -1,2 +1,2 @@
 SSLUseStapling On
-SSLStaplingCache dbm:/run/httpd/ssl_stapling(32768)
+SSLStaplingCache dbm:/run/httpd/ssl_stapling
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Cross-Domain
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Cross-Domain
@ -0,0 +1 @@
+header setifempty X-Permitted-Cross-Domain-Policies "none"
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Cross-Origin
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Cross-Origin
@ -0,0 +1,5 @@
+Header setifempty Cross-Origin-Embedder-Policy	"unsafe-none; report-to='default'"
+Header setifempty Cross-Origin-Embedder-Policy-Report-Only	"unsafe-none; report-to='default'"
+Header setifempty Cross-Origin-Opener-Policy	"unsafe-none"
+Header setifempty Cross-Origin-Opener-Policy-Report-Only	"unsafe-none; report-to='default'"
+Header setifempty Cross-Origin-Resource-Policy	"same-site"
--- a/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Permissions-Policy
+++ b/root/etc/e-smith/templates/etc/httpd/conf/httpd.conf/38Permissions-Policy
@ -0,0 +1 @@
+Header setifempty Permissions-Policy	"accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=*, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=*, picture-in-picture=*, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=*, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"
--- a/root/etc/e-smith/templates/var/www/html/.well-known/security.txt/20encryption
+++ b/root/etc/e-smith/templates/var/www/html/.well-known/security.txt/20encryption
@ -4,5 +4,5 @@ Encryption: {
 # Encryption: https://example.com/pgp-key.txt
 # Encryption: dns:5d2d37ab76d47d36._openpgpkey.example.com?type=OPENPGPKEY
 # Encryption: openpgp4fpr:5f2de5521c63a801ab59ccb603d49de44b29100f
-${'httpd-e-smith'}{'SecurityEncryption'}||'none'}
+${'httpd-e-smith'}{'SecurityEncryption'}||'openpgp4fpr:'}

--- a/smeserver-apache.spec
+++ b/smeserver-apache.spec
@ -4,7 +4,7 @@ Summary: smeserver server and gateway - apache module
 %define name smeserver-apache
 Name: %{name}
 %define version 11.0.0
-%define release 11
+%define release 12
 Version: %{version}
 Release: %{release}%{?dist}
 License: GPL
@ -74,6 +74,13 @@ if [ $1 -gt 1 ] ; then
 fi

 %changelog
+* Thu Jan 02 2025 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-12.sme
+- fix OCSP Stapling support [SME: 12819]
+- fix .well-known/security.txt [SME: 12818]
+- add X-Permitted-Cross-Domain-Policies header [SME: 12857]
+- add  Cross-Origin headers [SME: 12856] 
+- add Permissions-Policy header [SME: 12855]
+
 * Fri Dec 27 2024 Jean-Philippe Pialasse <jpp@koozali.org> 11.0.0-11.sme
 - add X-Content-Type-Options nosniff [SME: 12835]
 - add Strict Transport Security support HSTS [SME: 12815]
				`@ -0,0 +1 @@`
				`header setifempty X-Permitted-Cross-Domain-Policies "none"`
				`@ -0,0 +1 @@`
				`Header setifempty Permissions-Policy "accelerometer=(), autoplay=(), camera=(), cross-origin-isolated=(), display-capture=(self), encrypted-media=(), fullscreen=, geolocation=(self), gyroscope=(), keyboard-map=(), magnetometer=(), microphone=(), midi=(), payment=, picture-in-picture=, publickey-credentials-get=(), screen-wake-lock=(), sync-xhr=, usb=(), xr-spatial-tracking=(), gamepad=(), serial=()"`