
Commit

Merge pull request #61 from codeforjapan/fix/secure-header
Add response headers that reduce security risk
sushichan044 authored Mar 10, 2025
2 parents 35d21e6 + 91076a6 commit 6044a64
Showing 1 changed file with 10 additions and 0 deletions.
10 changes: 10 additions & 0 deletions app/entry.server.tsx
Expand Up @@ -15,5 +15,15 @@ export default async function handleRequest(
routerContext,
loadContext,
);

response.headers.set(
"Strict-Transport-Security",
"max-age=63072000; includeSubDomains; preload",
);
response.headers.set("Referrer-Policy", "strict-origin-when-cross-origin");
response.headers.set("X-Content-Type-Options", "nosniff");
response.headers.set("X-Frame-Options", "DENY");
response.headers.set("X-Permitted-Cross-Domain-Policies", "none");

return response;
}
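
Review bot: The Strict-Transport-Security value at the top of the added block combines a two-year max-age with `includeSubDomains; preload` and is set with no condition in the visible lines, so it commits every subdomain of the serving host to HTTPS and is slow to undo once the domain is on a preload list. Confirm that all subdomains already serve HTTPS before merging, or start with a shorter max-age without `preload` and raise it later. Two smaller points: `response.headers.set` replaces any value a route has already placed on the response for these five headers, so either note in a comment that the override is intended or check `response.headers.has(...)` first; and `X-Frame-Options: DENY` could be paired with a Content-Security-Policy `frame-ancestors 'none'` directive, which is the current mechanism for the same restriction. A one-line comment above the block saying why each header is there would also document the change.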
