Permalink
Browse files

stricter Referrer-Policy to reduce unintended information leakage

  • Loading branch information...
julianlam committed Feb 20, 2018
1 parent a4a9616 commit 7edc58b727781ac6a1097ebe4b8789f4afcfc02d
Showing with 1 addition and 0 deletions.
  1. +1 −0 src/middleware/headers.js
@@ -11,6 +11,7 @@ module.exports = function (middleware) {
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
'Referrer-Policy': 'strict-origin-when-cross-origin', // consider using helmet?
};
if (meta.config['access-control-allow-origin']) {

0 comments on commit 7edc58b

Please sign in to comment.