diff --git a/administrator/language/en-GB/en-GB.plg_system_httpheaders.ini b/administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
index b7155b290884f..62272a295086e 100644
--- a/administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
+++ b/administrator/language/en-GB/en-GB.plg_system_httpheaders.ini
@@ -6,8 +6,6 @@
 ; Please do not translate the word 'HTTP Headers' in the following two language strings
 PLG_SYSTEM_HTTPHEADERS="System - HTTP Headers"
 PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER="Additional HTTP Headers"
-; Please do not translate the name of the HTTP Headers in the following language string
-PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_DESC="The supported headers are:
"
 ; Please do not translate the word 'HTTP Header' in the following two language strings
 PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_KEY="HTTP Header"
 PLG_SYSTEM_HTTPHEADERS_ADDITIONAL_HEADER_VALUE="HTTP Header Value"
@@ -33,13 +31,10 @@ PLG_SYSTEM_HTTPHEADERS_MESSAGE_STATICHEADERS_NOT_WRITTEN="Your %1$s file is not
 PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_TITLE="HTTP Security Headers"
 PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_BODY="

Joomla! comes with a built-in set of tools that help you to handle http security headers. These headers help your browser for example to protect your website from XSS and Clickjacking attacks.

You can find more details in the HTTP Header Management Tutorial in the Joomla! Documentation.

"
 PLG_SYSTEM_HTTPHEADERS_POSTINSTALL_INTRODUCTION_ACTION="Enable default security headers"
-; Please do not translate the following 3 language strings
+; Please do not translate the following two language strings
 PLG_SYSTEM_HTTPHEADERS_REFERRERPOLICY="Referrer-Policy"
 PLG_SYSTEM_HTTPHEADERS_WRITE_STATIC_HEADERS="Write headers to the configuration file"
 PLG_SYSTEM_HTTPHEADERS_WRITE_STATIC_HEADERS_DESC="When enabled the headers (excluding the Content-Security-Policy) will be added to the existing server configuration file as soon as you save this extension. This way the headers will be enforced from the server side. At this time we only support .htaccess (Apache) and web.config (IIS) files."
-PLG_SYSTEM_HTTPHEADERS_XCONTENTTYPEOPTIONS="X-Content-Type-Options"
 PLG_SYSTEM_HTTPHEADERS_XFRAMEOPTIONS="X-Frame-Options"
 ; Please do not translate 'HTTP Security Headers' in the following language string
 PLG_SYSTEM_HTTPHEADERS_XML_DESCRIPTION="This Plugin helps you to set the HTTP Security Headers"
-; Please do not translate the following language string
-PLG_SYSTEM_HTTPHEADERS_XXSSPROTECTION="X-XSS-Protection"
diff --git a/plugins/system/httpheaders/httpheaders.php b/plugins/system/httpheaders/httpheaders.php
index df3222321154e..0b9f0a12ade02 100644
--- a/plugins/system/httpheaders/httpheaders.php
+++ b/plugins/system/httpheaders/httpheaders.php
@@ -63,8 +63,6 @@ class PlgSystemHttpHeaders extends CMSPlugin implements SubscriberInterface
 'content-security-policy',
 'content-security-policy-report-only',
 'x-frame-options',
- 'x-xss-protection',
- 'x-content-type-options',
 'referrer-policy',
 'expect-ct',
 'feature-policy',
@@ -752,18 +750,6 @@ private function getStaticHeaderConfiguration($pluginParams = false): array $staticHeaderConfiguration['x-frame-options#both'] = 'SAMEORIGIN'; } - // X-xss-protection - if ($pluginParams->get('xxssprotection')) - { - $staticHeaderConfiguration['x-xss-protection#both'] = '1; mode=block'; - } - - // X-content-type-options - if ($pluginParams->get('xcontenttypeoptions')) - { - $staticHeaderConfiguration['x-content-type-options#both'] = 'nosniff'; - } - // Referrer-policy $referrerPolicy = (string) $pluginParams->get('referrerpolicy', 'no-referrer-when-downgrade'); diff --git a/plugins/system/httpheaders/httpheaders.xml b/plugins/system/httpheaders/httpheaders.xml index d5b79549c2efc..b94d7a3337355 100644 --- a/plugins/system/httpheaders/httpheaders.xml +++ b/plugins/system/httpheaders/httpheaders.xml @@ -37,26 +37,6 @@ - - - - - - - -
@@ -93,8 +72,6 @@ - -