Merge pull request #2156 from overleaf/hb-secure-headers

Use helmet to set nosniff and sameorigin GitOrigin-RevId: e5d684d772523ca740be75ebe9d248db74209f25
2025-04-14 02:46:40 +00:00 · 2019-09-18 11:29:43 +01:00 · 2019-09-18 11:29:43 +01:00 · 2031115f48
commit 2031115f48
parent 696527df8d
1 changed files with 1 additions and 3 deletions
--- a/services/web/app/src/infrastructure/Server.js
+++ b/services/web/app/src/infrastructure/Server.js
@ -204,9 +204,7 @@ webRouter.use(function(req, res, next) {
    dnsPrefetchControl: false,
    referrerPolicy: { policy: 'origin-when-cross-origin' },
    noCache: isLoggedIn || isProjectPage,
-    noSniff: false,
-    hsts: false,
-    frameguard: false
+    hsts: false
  })(req, res, next)
 })