
Commit 0420acb

Merge pull request #1401 from nursoltan-s/security-headers
add http security headers
2 parents 98340c5 + 81d7ec2 commit 0420acb


1 file changed

+10
-0
lines changed


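--- a/server.js
+++ b/server.js
@@ -16,6 +16,16 @@ function check () {
 return true
 }
 app.use(healthCheck.middleware([check]))
+app.use((req, res, next) => {
+res.header('Referrer-Policy', 'strict-origin-when-cross-origin');
+res.header('Permissions-Policy', 'geolocation=(), microphone=(), camera=()');
+res.header('X-Content-Type-Options', 'nosniff');
+res.header('Strict-Transport-Security', 'max-age=31536000; includeSubDomains; preload');
+res.header('Cache-control', 'public, max-age=0');
+res.header('Pragma', 'no-cache');
+
+next();
+});
 // app.use(requireHTTPS) // removed because app servers don't handle https
 // app.use(express.static(__dirname))
 app.use(express.static(path.join(__dirname, 'build')))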
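Review bot: The `Strict-Transport-Security` value on new line 23 carries `includeSubDomains; preload`, which commits every subdomain of the serving host to HTTPS and is slow to undo once the domain is on a browser preload list, while the context line `// app.use(requireHTTPS)` just below shows that this app does not itself redirect HTTP to HTTPS. Browsers ignore the header on plain-HTTP responses, so it only takes effect if whatever sits in front of the app terminates TLS and redirects; unless that is confirmed for all subdomains, start with `res.header('Strict-Transport-Security', 'max-age=31536000');` and add the other directives later. On new line 24, `public` allows shared caches to store every response that passes through this middleware, so if any route returns per-user data, `res.header('Cache-Control', 'no-cache');` (or `private`/`no-store` on those routes) is the safer default and also agrees with the `Pragma: no-cache` line after it. The set has no framing control (`X-Frame-Options` or a CSP `frame-ancestors` directive), which is worth adding if the app is not meant to be embedded. The middleware is also registered after `healthCheck.middleware`, so health-check responses may not carry these headers if that middleware answers without calling `next()`.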
