Merge pull request #725 from SISheogorath/fix/referrerPolicy

Add referrer policy
Christoph (Sheogorath) Kern 2018-02-12 22:23:19 +01:00 committed by GitHub
commit e793738833
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 0 deletions

7
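--- a/app.js
+++ b/app.js
@@ -110,6 +110,13 @@ if (config.hsts.enable) {
 logger.info('https://en.wikipedia.org/wiki/HTTP_Strict_Transport_Security')
 }
+// Add referrer policy to improve privacy
+app.use(
+helmet.referrerPolicy({
+policy: 'same-origin'
+})
+)
 // Generate a random nonce per request, for CSP with inline scripts
 app.use(csp.addNonceToLocals)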
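Review bot: The added `helmet.referrerPolicy` call sends the single value `same-origin`, and a browser that does not recognise that token ignores the header and falls back to its default, which can still pass the full page URL to cross-origin HTTPS targets. If the helmet version in use accepts a list (not visible in this hunk), a fallback such as `policy: ['no-referrer', 'same-origin']` keeps older clients covered, since browsers apply the last value they understand. The comment could also say what is being protected, for example `// Send the Referer header only on same-origin requests so page URLs are not disclosed to external sites linked or embedded from a page`. The policy is hard-coded here, unlike the HSTS block above it, which is gated on `config.hsts.enable`; confirm that is intended.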