FetchMetadata Plugin

Sponsoring and Donation

You use this extension in an commercial context and / or want to support me and give something back?

There are two ways to support me right now:
- This extension is part of Github Sponsors by sponsoring me, you help me continue my oss work for the Joomla! Project, write bug fixes, improving features and maintain my extensions.
- You just want to send me an one-time donation? Great you can do this via PayPal.me/zero24.

Thanks for your support!

Features

This Joomla Plugin helps to protect your sites by using Fetch Metadata Request Headers

The implemened rules are:
- Step 1: Allow requests from browsers which don't send Fetch Metadata
- Step 2: Allow same-site and browser-initiated requests
- Step 3: Allow simple top-level navigation and iframing
- Step 4: Opt out endpoints that are meant to serve cross-site traffic (Optional)
- Step 5: Reject all other requests that are cross-site and not navigational

Configuration

Initial setup the plugin

• Download the latest version of the plugin
• Install the plugin using Upload & Install
• Enable the plugin System - FetchMetadata form the plugin manager

Now the inital setup is completed.

Update Server

Please note that my update server only supports the latest version running the latest version of Joomla and atleast PHP 7.2.5.
Any other plugin version I may have added to the download section don't get updates using the update server.

Issues / Pull Requests

You have found an Issue, have a question or you would like to suggest changes regarding this extension?
Open an issue in this repo or submit a pull request with the proposed changes.

Translations

You want to translate this extension to your own language? Check out my Crowdin Page for my Extensions for more details. Feel free to open an issue here on any question that comes up.

Beyond this repo

This plugin is intended as backport for an upcomming PR against the core CMS 4.1.