tec: Add Referrer-Policy and X-Content-Type-Options headers
marienfressinaud committed Sep 9, 2022
1 parent f3fdf68 commit fe2e227
Showing 2 changed files with 4 additions and 0 deletions.
2 changes: 2 additions & 0 deletions src/Application.php
Expand Up @@ -138,6 +138,8 @@ public function run($request)

$response->setContentSecurityPolicy('style-src', "'self' 'unsafe-inline'");
$response->setHeader('Permissions-Policy', 'interest-cohort=()'); // @see https://cleanuptheweb.org/
$response->setHeader('Referrer-Policy', 'same-origin');
$response->setHeader('X-Content-Type-Options', 'nosniff');
$response->setHeader('X-Frame-Options', 'deny');

if (
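Review bot: The two added `setHeader` calls in `run()` have no comment saying why these values were chosen, while the `Permissions-Policy` line just above them carries an `@see`. I would add `// same-origin: send the Referer only to our own origin, never to third-party sites` above the first and `// nosniff: browsers must not guess a MIME type other than the declared Content-Type` above the second. Because `nosniff` makes browsers refuse scripts and stylesheets whose Content-Type is wrong, and these headers only reach responses that pass through `run()`, any files served directly by the web server presumably need the same headers and correct types in the server configuration. `run()` starts and ends outside this hunk, so whether an earlier return path skips these lines cannot be checked from here.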
2 changes: 2 additions & 0 deletions tests/ApplicationTest.php
Expand Up @@ -164,6 +164,8 @@ public function testHeaders()

$headers = $response->headers(true);
$this->assertSame('interest-cohort=()', $headers['Permissions-Policy']);
$this->assertSame('same-origin', $headers['Referrer-Policy']);
$this->assertSame('nosniff', $headers['X-Content-Type-Options']);
$this->assertSame('deny', $headers['X-Frame-Options']);
$this->assertSame([
'default-src' => "'self'",
