Add Referrer-Policy

2020-08-13 23:58:54 +02:00 · 2020-08-13 23:58:54 +02:00 · 29e445ff41
commit 29e445ff41
parent e65a4e10d6
1 changed files with 9 additions and 9 deletions
--- a/app/src/main/kotlin/filters/SecurityFilter.kt
+++ b/app/src/main/kotlin/filters/SecurityFilter.kt
@ -5,16 +5,16 @@ import org.http4k.core.HttpHandler
 import org.http4k.core.Request

 object SecurityFilter {
-    operator fun invoke(): Filter {
-        return Filter { next: HttpHandler ->
-            { request: Request ->
-                val response = next(request)
-                    .header("X-Content-Type-Options", "nosniff")
+    operator fun invoke() = Filter { next: HttpHandler ->
+        { request: Request ->
+            val response = next(request)
+                .header("X-Content-Type-Options", "nosniff")

-                if (response.header("Content-Type")?.contains("text/html") == true)
-                    response.header("Content-Security-Policy", "default-src 'self'")
-                else response
-            }
+            if (response.header("Content-Type")?.contains("text/html") == true) {
+                response
+                    .header("Content-Security-Policy", "default-src 'self'")
+                    .header("Referrer-Policy", "no-referrer")
+            } else response
        }
    }
 }