github/overleaf
1
0
Fork 0
mirror of https://github.com/overleaf/overleaf.git synced 2024-11-21 20:47:08 -05:00
Code Issues Projects Releases Packages Wiki Activity

Merge pull request #605 from sharelatex/ta-remove-extra-headers

Browse source 
Remove extra security headers
This commit is contained in:
Brian Gough 2017-09-13 11:07:36 +01:00 committed by GitHub
commit 046c0b856d
2 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
services/web/app/coffee/infrastructure/Server.coffee
View file

@ -153,6 +153,9 @@ webRouter.use (req, res, next) ->
dnsPrefetchControl: false
referrerPolicy: { policy: 'origin-when-cross-origin' }
noCache: isLoggedIn || isProjectPage
noSniff: false
hsts: false
frameguard: false
})(req, res, next)
profiler = require "v8-profiler"

3
services/web/test/acceptance/coffee/SecurityHeadersTests.coffee
View file

@ -5,9 +5,6 @@ request = require('./helpers/request')
assert_has_common_headers = (response) ->
headers = response.headers
assert.equal(headers['x-frame-options'], 'SAMEORIGIN')
assert.equal(headers['strict-transport-security'], 'max-age=15552000; includeSubDomains')
assert.equal(headers['x-content-type-options'], 'nosniff')
assert.equal(headers['x-download-options'], 'noopen')
assert.equal(headers['x-xss-protection'], '1; mode=block')
assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')