mirror of
https://github.com/overleaf/overleaf.git
synced 2024-11-21 20:47:08 -05:00
Merge pull request #605 from sharelatex/ta-remove-extra-headers
Remove extra security headers
This commit is contained in:
commit
046c0b856d
2 changed files with 3 additions and 3 deletions
|
@ -153,6 +153,9 @@ webRouter.use (req, res, next) ->
|
||||||
dnsPrefetchControl: false
|
dnsPrefetchControl: false
|
||||||
referrerPolicy: { policy: 'origin-when-cross-origin' }
|
referrerPolicy: { policy: 'origin-when-cross-origin' }
|
||||||
noCache: isLoggedIn || isProjectPage
|
noCache: isLoggedIn || isProjectPage
|
||||||
|
noSniff: false
|
||||||
|
hsts: false
|
||||||
|
frameguard: false
|
||||||
})(req, res, next)
|
})(req, res, next)
|
||||||
|
|
||||||
profiler = require "v8-profiler"
|
profiler = require "v8-profiler"
|
||||||
|
|
|
@ -5,9 +5,6 @@ request = require('./helpers/request')
|
||||||
|
|
||||||
assert_has_common_headers = (response) ->
|
assert_has_common_headers = (response) ->
|
||||||
headers = response.headers
|
headers = response.headers
|
||||||
assert.equal(headers['x-frame-options'], 'SAMEORIGIN')
|
|
||||||
assert.equal(headers['strict-transport-security'], 'max-age=15552000; includeSubDomains')
|
|
||||||
assert.equal(headers['x-content-type-options'], 'nosniff')
|
|
||||||
assert.equal(headers['x-download-options'], 'noopen')
|
assert.equal(headers['x-download-options'], 'noopen')
|
||||||
assert.equal(headers['x-xss-protection'], '1; mode=block')
|
assert.equal(headers['x-xss-protection'], '1; mode=block')
|
||||||
assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')
|
assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')
|
||||||
|
|
Loading…
Reference in a new issue