remove extra security headers

2024-11-07 20:31:06 -05:00 · 2017-09-13 11:53:11 +02:00 · 2017-09-13 11:53:11 +02:00 · a04adbf132
commit a04adbf132
parent c623fa9f3f
2 changed files with 3 additions and 3 deletions
--- a/services/web/app/coffee/infrastructure/Server.coffee
+++ b/services/web/app/coffee/infrastructure/Server.coffee
@ -153,6 +153,9 @@ webRouter.use (req, res, next) ->
 		dnsPrefetchControl: false
 		referrerPolicy: { policy: 'origin-when-cross-origin' }
 		noCache: isLoggedIn || isProjectPage
+		noSniff: false
+		hsts: false
+		frameguard: false
 	})(req, res, next)

 profiler = require "v8-profiler"
--- a/services/web/test/acceptance/coffee/SecurityHeadersTests.coffee
+++ b/services/web/test/acceptance/coffee/SecurityHeadersTests.coffee
@ -5,9 +5,6 @@ request = require('./helpers/request')

 assert_has_common_headers = (response) ->
 	headers = response.headers
-	assert.equal(headers['x-frame-options'], 'SAMEORIGIN')
-	assert.equal(headers['strict-transport-security'], 'max-age=15552000; includeSubDomains')
-	assert.equal(headers['x-content-type-options'], 'nosniff')
 	assert.equal(headers['x-download-options'], 'noopen')
 	assert.equal(headers['x-xss-protection'], '1; mode=block')
 	assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')