Commit

stricter Referrer-Policy to reduce unintended information leakage
julianlam committed Feb 20, 2018
1 parent a4a9616 commit 7edc58b
Showing 1 changed file with 1 addition and 0 deletions.
1 change: 1 addition & 0 deletions src/middleware/headers.js
Expand Up @@ -11,6 +11,7 @@ module.exports = function (middleware) {
'X-Frame-Options': meta.config['allow-from-uri'] ? 'ALLOW-FROM ' + encodeURI(meta.config['allow-from-uri']) : 'SAMEORIGIN',
'Access-Control-Allow-Methods': encodeURI(meta.config['access-control-allow-methods'] || ''),
'Access-Control-Allow-Headers': encodeURI(meta.config['access-control-allow-headers'] || ''),
'Referrer-Policy': 'strict-origin-when-cross-origin', // consider using helmet?
};

if (meta.config['access-control-allow-origin']) {
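Review bot: The new 'Referrer-Policy' entry is hard-coded to 'strict-origin-when-cross-origin', while the neighbouring headers in this object take their values from meta.config, so an administrator who needs a tighter value such as 'same-origin' or 'no-referrer' cannot set one without patching the file. Consider reading it from a config key and using 'strict-origin-when-cross-origin' as the fallback. With the chosen value the site's origin is still sent on cross-origin requests (only the path and query are stripped), which is worth stating in the commit message or a comment so the remaining exposure is clear. The trailing "// consider using helmet?" is an open question rather than documentation of the line; it would be better tracked as an issue and replaced here with a short comment on why this policy was chosen.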
