inter-window communication Topic is solved

[wetken]

I use PHP and Javascript code within some pages to present forms to the user. I have drop-downs, augmented by pop-up windows presenting content to assist, or drive, the dropdown choices. In Joomla 3 I was able to write Javascript code in the pop-up windows and use window.opener functionality to allow the user to click in the pop-up and have that reflected in the main window drop-down. In my migrated site in Joomla 4 window.opener is always null in the pop-up window. Has J4 done something with PHP headers for COOP, or is this something handled by the template provider? I thought it might be a browser issue, but both Chrome and Firefox are happy to run the J3 code from https site, but neither will run J4 site code as I want.

[pe7er]

Has J4 done something with PHP headers for COOP, or is this something handled by the template provider?

Yes, Joomla 4 has a "System - HTTP Headers" plugin that can handle PHP headers.
You should also check the .htaccess because you can add HTTP headers there as well.

[wetken]

The key to my issue seems to be to leave X-Frame-Options enabled and set Referrer-Policy to 'same-origin', but to set Cross-Origin-Opener-Policy to either 'Disabled' or 'unsafe-none'. Despite 50+ years of experience I am still finding areas of expertise about which I know just enough to be dangerous. My site is not public, and the likelihood that someone could both gain access and use an on-site pop-up to do something malicious is a risk I'm willing to take for the additional user convenience. Many thanks for not only replying at all, but also for your precision.

[pe7er]

You're welcome!

You can still use Joomla's "System - HTTP Headers" plugin and tweak it for your website/server.
Switch all options off first.
Then enable them one-by-one, while refreshing your browser and checking the browser Console for any errors.