From a04adbf132208eee205c50842142d714d8279da7 Mon Sep 17 00:00:00 2001
From: Tim Alby
Date: Wed, 13 Sep 2017 11:53:11 +0200
Subject: [PATCH] remove extra security headers

---
 services/web/app/coffee/infrastructure/Server.coffee | 3 +++
 .../web/test/acceptance/coffee/SecurityHeadersTests.coffee | 3 ---
 2 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/services/web/app/coffee/infrastructure/Server.coffee b/services/web/app/coffee/infrastructure/Server.coffee
index c0fabe1554..39fc3c131b 100644
--- a/services/web/app/coffee/infrastructure/Server.coffee
+++ b/services/web/app/coffee/infrastructure/Server.coffee
@@ -153,6 +153,9 @@ webRouter.use (req, res, next) ->
     dnsPrefetchControl: false
     referrerPolicy: { policy: 'origin-when-cross-origin' }
     noCache: isLoggedIn || isProjectPage
+    noSniff: false
+    hsts: false
+    frameguard: false
   })(req, res, next)
 
 profiler = require "v8-profiler"
diff --git a/services/web/test/acceptance/coffee/SecurityHeadersTests.coffee b/services/web/test/acceptance/coffee/SecurityHeadersTests.coffee
index 3202f124c1..f3fddf4b07 100644
--- a/services/web/test/acceptance/coffee/SecurityHeadersTests.coffee
+++ b/services/web/test/acceptance/coffee/SecurityHeadersTests.coffee
@@ -5,9 +5,6 @@ request = require('./helpers/request')
 
 assert_has_common_headers = (response) ->
   headers = response.headers
-  assert.equal(headers['x-frame-options'], 'SAMEORIGIN')
-  assert.equal(headers['strict-transport-security'], 'max-age=15552000; includeSubDomains')
-  assert.equal(headers['x-content-type-options'], 'nosniff')
   assert.equal(headers['x-download-options'], 'noopen')
   assert.equal(headers['x-xss-protection'], '1; mode=block')
   assert.equal(headers['referrer-policy'], 'origin-when-cross-origin')
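Review bot: The three added lines `noSniff: false`, `hsts: false` and `frameguard: false` stop this middleware from emitting X-Content-Type-Options, Strict-Transport-Security and X-Frame-Options on every response it handles, and neither the hunk nor the commit message says why, so a later reader cannot tell whether another layer (presumably a reverse proxy, which the diff does not show) now sets them or whether the clickjacking, MIME-sniffing and downgrade protections are simply gone. The second hunk in SecurityHeadersTests.coffee deletes the three assertions outright instead of pinning the new expectation, so a future regression in either direction would go unnoticed. I would add a comment above the new options, e.g. `# X-Frame-Options, HSTS and X-Content-Type-Options are intentionally not set here: <reason / component that sets them — TODO fill in>`, and keep an acceptance check that reflects where the headers are now expected. The enclosing `webRouter.use (req, res, next) ->` callback starts before the hunk.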