Commit 66ff72a

Configure referrerPolicy
Set the default referrer-policy header to strict-origin-when-cross-origin
1 parent 439e7e0 commit 66ff72a

2 files changed

+9
-0
lines changed

middleware/index.js

Lines changed: 1 addition & 0 deletions
@@ -23,6 +23,7 @@ module.exports = function (app) {
2323
app.use(require('./loaderio-verification'))
2424
app.use(require('./cors'))
2525
app.use(require('./csp'))
26+
app.use(require('./referrer-policy'))
2627
app.use(require('helmet')())
2728
app.use(require('./robots'))
2829
app.use(require('./cookie-parser'))
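
Review bot: the new `app.use(require('./referrer-policy'))` line is registered immediately before `app.use(require('helmet')())`, so a later header write can replace the one this middleware sets. Helmet releases that enable their own referrerPolicy middleware by default will set Referrer-Policy again on the same response, and the value the client receives would be helmet's default rather than strict-origin-when-cross-origin. Either move this line after the helmet() call, or drop the separate module and pass the option to the existing call, for example `require('helmet')({ referrerPolicy: { policy: 'strict-origin-when-cross-origin' } })`. Please confirm against the helmet version pinned in package.json, which is not part of this diff.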

middleware/referrer-policy.js

Lines changed: 8 additions & 0 deletions
@@ -0,0 +1,8 @@
1+
// This module defines the Referrer-Policy HEADER behaviour
2+
// https://developer.mozilla.org/en-US/docs/Web/Security/Referer_header:_privacy_and_security_concerns
3+
4+
const { referrerPolicy } = require('helmet')
5+
6+
module.exports = referrerPolicy({
7+
policy: "strict-origin-when-cross-origin",
8+
})
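
Review bot: no test accompanies the new module (both changed files are shown here and neither is a spec), so nothing asserts that responses actually carry Referrer-Policy: strict-origin-when-cross-origin once the full middleware chain in middleware/index.js has run. A request-level test that checks the response header would catch an override by a later middleware. Minor style point on the `policy: "strict-origin-when-cross-origin",` line: it uses double quotes while `require('helmet')` in this file and the requires in index.js use single quotes.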
