Use Referrer-Policy header instead of CSP referrer
According to MDN: > referrer > Used to specify information in the referer (sic) header for links away from a page. > Use the Referrer-Policy header instead. See: - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/referrer - https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
This commit is contained in:
parent
bb24bc645c
commit
fe7c570cc9
@ -131,7 +131,8 @@ function index(req, res, next) {
|
||||
return css.slice(0, -4);
|
||||
});
|
||||
var template = _.template(file);
|
||||
res.setHeader("Content-Security-Policy", "default-src *; connect-src 'self' ws: wss:; style-src * 'unsafe-inline'; script-src 'self'; child-src 'self'; object-src 'none'; form-action 'none'; referrer no-referrer;");
|
||||
res.setHeader("Content-Security-Policy", "default-src *; connect-src 'self' ws: wss:; style-src * 'unsafe-inline'; script-src 'self'; child-src 'self'; object-src 'none'; form-action 'none';");
|
||||
res.setHeader("Referrer-Policy", "no-referrer");
|
||||
res.setHeader("Content-Type", "text/html");
|
||||
res.writeHead(200);
|
||||
res.end(template(data));
|
||||
|
Loading…
Reference in New Issue
Block a user