From 746b22a2d73aa995dd434492b7f2b649db8c1c4d Mon Sep 17 00:00:00 2001
From: Ed Tanous <ed.tanous@intel.com>
Date: Tue, 7 Nov 2017 15:32:12 -0800
Subject: Update crow to improve security

Change-Id: I86146edde21bac89e6cc30afdd79690e2b0adadd
---
 include/security_headers_middleware.hpp | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'include/security_headers_middleware.hpp')

diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index e12395a553..19369f9711 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp
@@ -20,6 +20,12 @@ static const char* xss_value = "1; mode=block";
 static const char* content_security_key = "X-Content-Security-Policy";
 static const char* content_security_value = "default-src 'self'";
 
+static const char* pragma_key = "Pragma";
+static const char* pragma_value = "no-cache";
+
+static const char* cache_control_key = "Cache-Control";
+static const char* cache_control_value = "no-Store,no-Cache";
+
 struct SecurityHeadersMiddleware {
   struct context {};
 
@@ -37,8 +43,8 @@ struct SecurityHeadersMiddleware {
     res.add_header(xframe_key, xframe_value);
     res.add_header(xss_key, xss_value);
     res.add_header(content_security_key, content_security_value);
-    res.add_header("Access-Control-Allow-Origin", "http://localhost:8085");
-    res.add_header("Access-Control-Allow-Credentials", "true");
+    res.add_header(pragma_key, pragma_value);
+    res.add_header(cache_control_key, cache_control_value);
   }
 };
 }  // namespace crow
-- 
cgit v1.2.3