Nemcio/NodeBB
1
0
Fork 0
mirror of https://github.com/NodeBB/NodeBB.git synced 2025-12-23 17:00:24 +01:00
Code Issues Packages Projects Releases Wiki Activity

stricter Referrer-Policy to reduce unintended information leakage

Browse Source
This commit is contained in:
Julian Lam
2018-02-20 16:11:07 -05:00
parent a4a961639d
commit 7edc58b727
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
src/middleware/headers.js
View File

@@ -11,6 +11,7 @@ module.exports = function (middleware) {
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
'Referrer-Policy': 'strict-origin-when-cross-origin', // consider using helmet?
};
if (meta.config['access-control-allow-origin']) {