Task #91283

Integrate HTTP Sec-Fetch header policy

Added by Oliver Hader 2 months ago.

Status:
New
Priority:
Should have
Assignee:
Category:
Security
Target version:
-
Start date:
2020-05-03
Due date:
% Done:

0%

TYPO3 Version:
9
PHP Version:
Tags:
Complexity:
Sprint Focus:

Description

Example headers:

  • HTTP fetch
    • HTTP_SEC_FETCH_DEST: "empty"
    • HTTP_SEC_FETCH_MODE: "cors"
    • HTTP_SEC_FETCH_SITE: "same-origin"
  • IFRAME fetch
    • HTTP_SEC_FETCH_DEST: "iframe"
    • HTTP_SEC_FETCH_MODE: "navigate"
    • HTTP_SEC_FETCH_SITE: "cross-site"

Resources:


Integrate RequestPolicy and FetchPolicy

$requestPolicy = (new RequestPolicy())
  ->withFetchPolicy((new FetchPolicy())
    ->withAllowedAbsence(bool)
    ->withFetchDest(string[])
    ->withFetchSite(string[])
    ->withFetchUser(string[])
    ->withFetchMode(string[])
  );

Also available in: Atom PDF