nhyatt/bitwarden
1
0
Fork 0
mirror of https://github.com/bitwarden/server.git synced 2025-07-01 16:12:49 -05:00
Code Activity

Referrer-Policy header

Browse Source
This commit is contained in:
Kyle Spearrin
2017-08-08 00:37:05 -04:00
parent e7905dec04
commit 0a12006d32
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
util/Setup/Program.cs
View File

@ -117,7 +117,7 @@ server {{
# Headers # Headers
# X-Frame-Options is to prevent from clickJacking attack # X-Frame-Options is to prevent from clickJacking attack
#add_header X-Frame-Options SAMEORIGIN; add_header X-Frame-Options SAMEORIGIN;
# disable content-type sniffing on some browsers. # disable content-type sniffing on some browsers.
add_header X-Content-Type-Options nosniff; add_header X-Content-Type-Options nosniff;
@ -125,8 +125,13 @@ server {{
# This header enables the Cross-site scripting (XSS) filter # This header enables the Cross-site scripting (XSS) filter
add_header X-XSS-Protection ""1; mode=block""; add_header X-XSS-Protection ""1; mode=block"";
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack # This header controls what referrer information is shared
#add_header Strict-Transport-Security max-age=15768000;"); add_header Referrer-Policy same-origin;
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack. 6 months age
add_header Strict-Transport-Security max-age=15768000;
# Content-Security-Policy is set via meta tag on the website so it is not included here");
} }
sw.WriteLine($@" sw.WriteLine($@"