Codecov Report

Merging #27 into master will decrease coverage by 0.12%. The diff coverage is 90.9%.

@@            Coverage Diff             @@
##           master      #27      +/-   ##
==========================================
- Coverage   95.88%   95.75%   -0.13%     
==========================================
  Files          26       27       +1     
  Lines         437      448      +11     
==========================================
+ Hits          419      429      +10     
- Misses         18       19       +1

Impacted Files	Coverage Δ
app/middleware/securities.js	`93.93% <ø> (ø)`	:arrow_up:
config/config.default.js	`100% <ø> (ø)`	:arrow_up:
lib/middlewares/referrerPolicy.js	`90.9% <90.9%> (ø)`

Continue to review full report at Codecov.

Legend - Click here to learn more Δ = absolute <relative> (impact), ø = not affected, ? = missing data Powered by Codecov. Last update 76bd83f...6a7b16c. Read the comment docs.

jtyjty99999 commented 6 years ago

@fengmk2 修改了

fengmk2 commented 6 years ago

参考 https://github.com/krakenjs/lusca/commit/d3bb1b ，默认开启为 same-origin？这个似乎对现在没有任何风险。

fengmk2 commented 6 years ago

哦，它也是默认关闭。。

jtyjty99999 commented 6 years ago

@fengmk2 已经修改，默认策略我改成了 no-referrer-when-downgrade 不开启， https协议降级到http协议时不发送referrer，感觉这样是最合适的 https://github.com/TryGhost/Ghost/issues/7235 这个issue也是这个观点。

jtyjty99999 commented 6 years ago

https://github.com/h5bp/server-configs-apache/pull/130/files h5bp中apache的默认配置也是这个

fengmk2 commented 6 years ago

2.1.0

eggjs / egg-security

feat: add refererpolicy support #27

Codecov Report