Comments (4)
If you're experiencing this through the adapter you're working on? You may need to make sure to pass false
as the third param to symfony (to make sure headers with the same name don't replace the previous).
from secureheaders.
Well that was easy! Thanks @aidantwoods - you're right, there was just the one referrer-policy
rather than the 2 there is now.
Thanks again!
from secureheaders.
Maybe I'll write about the HttpAdapter spec in the Wiki 😉
I think multiple headers, and framework cookie jars might be things that'll trip people up unless they deliberately enable certain behaviors.
from secureheaders.
See: #19
And the chrome bug report (it's now just awaiting a stable release): https://bugs.chromium.org/p/chromium/issues/detail?id=627968
I am curious as to why you're getting that error though, default config should also emit a fallback referrer policy of no-referrer
. Chrome shouldn't complain if sees at least one it recognises.
from secureheaders.
Related Issues (20)
- 2.0 Planned Changes HOT 19
- 2.0: removeCookies() has no effect HOT 4
- Proposal: Move most documentation to PhpDoc blocks HOT 14
- Discuss finally releasing 2.0 HOT 2
- Increase Test Coverage
- [2.0] Readme is out of date
- allow method chaining HOT 13
- Report missing CSP directives
- `'strict-dynamic'` isn't injected into CSP Report-Only
- More intuitive config
- Throw exceptions instead of user warnings/errors HOT 6
- Drop PHP 5.x HOT 8
- Auto protected session cookie HOT 5
- Conditional Intent to Deprecate and Remove: Public Key Pinning
- Increase test coverage
- Add hashes and nonces as friendly directive HOT 2
- Option to manually disable warnings HOT 4
- Don't warn for 'unsafe-inline' if hash or nonce present in applicable directive
- Rethink cookie upgrades HOT 2
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from secureheaders.