bitwarden/server
1
0
Fork 0
mirror of https://github.com/bitwarden/server synced 2025-12-06 00:03:34 +00:00
Code Issues Releases Wiki Activity

Referrer-Policy header

Browse Source
This commit is contained in:
Kyle Spearrin
2017-08-08 00:37:05 -04:00
parent e7905dec04
commit 0a12006d32
1 changed files with 8 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
util/Setup/Program.cs
View File

@@ -117,7 +117,7 @@ server {{
# Headers
# X-Frame-Options is to prevent from clickJacking attack
#add_header X-Frame-Options SAMEORIGIN;
add_header X-Frame-Options SAMEORIGIN;
# disable content-type sniffing on some browsers.
add_header X-Content-Type-Options nosniff;
@@ -125,8 +125,13 @@ server {{
# This header enables the Cross-site scripting (XSS) filter
add_header X-XSS-Protection ""1; mode=block"";
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack
#add_header Strict-Transport-Security max-age=15768000;");
# This header controls what referrer information is shared
add_header Referrer-Policy same-origin;
# This will enforce HTTP browsing into HTTPS and avoid ssl stripping attack. 6 months age
add_header Strict-Transport-Security max-age=15768000;
# Content-Security-Policy is set via meta tag on the website so it is not included here");
}
sw.WriteLine($@"