fix (security): Implements #26 DAST security mitigations

primeqa · May 15, 2023 · 54d9c5f · 54d9c5f
1 parent d25f6e0
commit 54d9c5f
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 0 deletions.
diff --git a/nginx.conf b/nginx.conf
@@ -1,5 +1,8 @@
 server {
 
+  server_tokens off;
+  add_header 'Referrer-Policy' 'origin';
+
   location / {
     root /usr/share/nginx/html/;
     include /etc/nginx/mime.types;

diff --git a/public/index.html b/public/index.html
@@ -18,6 +18,7 @@
   <head>
     <meta charset="utf-8" />
     <link rel="icon" href="%PUBLIC_URL%/favicon.ico" />
+    <meta name="referrer" content="origin" />
     <meta name="viewport" content="width=device-width, initial-scale=1" />
     <meta
       name="description"
@@ -44,6 +45,9 @@
     <script
       type="text/javascript"
       src="https://ajax.googleapis.com/ajax/libs/jquery/1.8.3/jquery.min.js"
+      integrity="sha384-lifoBlbdwizTl3Yoe612uhI3AcOam/QtWkozF7SuiACaf5UJl5reOYu4MigVxrCH"
+      crossOrigin="anonymous"
+      data-integrity-bad="sha384-K//nZc8vZ68YQ8QUGSmaDbIyGMsLsGLvnG51fC4z4ysDZJG8nXE05BkPxg+b/pVI"
     ></script>
     <script type="text/javascript" src="%PUBLIC_URL%/env.js"></script>
     <div id="app" class="container"></div>