Skip to content

Commit 2064184

Browse files
authored
fix(apps): clean up server middleware headers (#5026)
1 parent e2a751a commit 2064184

2 files changed

Lines changed: 2 additions & 11 deletions

File tree

apps/themebuilder/server/app.ts

Lines changed: 0 additions & 5 deletions
Original file line numberDiff line numberDiff line change
@@ -25,11 +25,6 @@ app.use((req, res, next) => {
2525
'Content-Security-Policy-Report-Only',
2626
`default-src 'none';base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' https://altinncdn.no https://siteimproveanalytics.com 'unsafe-inline';font-src 'self' https://altinncdn.no;img-src 'self' data:;connect-src ${connectSrc};frame-ancestors 'self';form-action 'self';manifest-src 'self'; report-uri https://csp-report.digdir.no/api/reports`,
2727
);
28-
res.setHeader(
29-
'Strict-Transport-Security',
30-
'max-age=31536000; includeSubDomains',
31-
);
32-
res.setHeader('X-Content-Type-Options', 'nosniff');
3328
res.setHeader('Cache-Control', 'max-age');
3429
/* Stop TRACE request */
3530
if (req.method === 'TRACE') {

apps/www/server/app.ts

Lines changed: 2 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -25,15 +25,11 @@ app.use((req, res, next) => {
2525
'Content-Security-Policy-Report-Only',
2626
`default-src 'none';base-uri 'self';script-src 'self' 'unsafe-inline' 'unsafe-eval';style-src 'self' https://altinncdn.no https://siteimproveanalytics.com 'unsafe-inline';font-src 'self' https://altinncdn.no;img-src 'self' data:;connect-src ${connectSrc};frame-ancestors 'self';form-action 'self';manifest-src 'self'; report-uri https://csp-report.digdir.no/api/reports`,
2727
);
28-
res.setHeader(
29-
'Strict-Transport-Security',
30-
'max-age=31536000; includeSubDomains',
31-
);
32-
res.setHeader('X-Content-Type-Options', 'nosniff');
28+
3329
res.setHeader('Cache-Control', 'max-age');
3430

3531
/* Add Link headers for agent discovery (RFC 8288 / RFC 9727) on the homepage */
36-
if (req.path === '/' || req.path === '') {
32+
if (req.path === '/') {
3733
res.setHeader('Link', [
3834
'</.well-known/api-catalog>; rel="api-catalog"',
3935
'</.well-known/security.txt>; rel="disclosure"',

0 commit comments

Comments
 (0)