Merge pull request #605 from sharelatex/ta-remove-extra-headers

Remove extra security headers
This commit is contained in:
Brian Gough 2017-09-13 11:07:36 +01:00 committed by GitHub
commit 046c0b856d
2 changed files with 3 additions and 3 deletions

View file

@ -153,6 +153,9 @@ webRouter.use (req, res, next) ->
dnsPrefetchControl: false dnsPrefetchControl: false
referrerPolicy: { policy: 'origin-when-cross-origin' } referrerPolicy: { policy: 'origin-when-cross-origin' }
noCache: isLoggedIn || isProjectPage noCache: isLoggedIn || isProjectPage
noSniff: false
hsts: false
frameguard: false
})(req, res, next) })(req, res, next)
profiler = require "v8-profiler" profiler = require "v8-profiler"

View file

@ -5,9 +5,6 @@ request = require('./helpers/request')
assert_has_common_headers = (response) -> assert_has_common_headers = (response) ->
headers = response.headers headers = response.headers
assert.equal(headers['x-frame-options'], 'SAMEORIGIN')
assert.equal(headers['strict-transport-security'], 'max-age=15552000; includeSubDomains')
assert.equal(headers['x-content-type-options'], 'nosniff')
assert.equal(headers['x-download-options'], 'noopen') assert.equal(headers['x-download-options'], 'noopen')
assert.equal(headers['x-xss-protection'], '1; mode=block') assert.equal(headers['x-xss-protection'], '1; mode=block')
assert.equal(headers['referrer-policy'], 'origin-when-cross-origin') assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')