From e4883e3e51cdc7c4a1f30db4faf94320d7afaa2d Mon Sep 17 00:00:00 2001
From: Arlen Johnson <arlen@sphericalcowgroup.com>
Date: Wed, 25 Jun 2025 15:58:12 -0400
Subject: [PATCH] Fix quotes for COEP and COOP to be strictly standards
 compliant (CO-2720)

---
 app/templates/element/httpHeaders.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/app/templates/element/httpHeaders.php b/app/templates/element/httpHeaders.php
index 8c868a6b..73606bce 100644
--- a/app/templates/element/httpHeaders.php
+++ b/app/templates/element/httpHeaders.php
@@ -33,8 +33,8 @@
   header("Content-Security-Policy: object-src 'none'; base-uri 'none'; frame-ancestors 'self'");
   header("X-Content-Type-Options: nosniff");
   header("Permissions-Policy: accelerometer=(),autoplay=(),camera=(),cross-origin-isolated=(),display-capture=(),encrypted-media=(),fullscreen=(),geolocation=(),gyroscope=(),keyboard-map=(),magnetometer=(),microphone=(),midi=(),payment=(),picture-in-picture=(),publickey-credentials-get=(),screen-wake-lock=(),sync-xhr=(self),usb=(),web-share=(),xr-spatial-tracking=(),gamepad=(),hid=(),idle-detection=(),interest-cohort=(),serial=()");
-  header("Cross-Origin-Opener-Policy: same-origin");
-  header("Cross-Origin-Embedder-Policy: require-corp");
+  header('Cross-Origin-Opener-Policy: "same-origin"');
+  header('Cross-Origin-Embedder-Policy: "require-corp"');
   header("X-Permitted-Cross-Domain-Policies: none");
 
 // Add X-UA-Compatible header for IE