referrer-policy
The referrer-policy npm package is used to set the Referrer-Policy HTTP header in web applications. This header controls how much referrer information is included with requests made from your site.
Set Referrer-Policy Header
This feature allows you to set the Referrer-Policy header for your web application. In this example, the policy is set to 'no-referrer', which means that the Referer header will be omitted entirely.
```js
const referrerPolicy = require('referrer-policy');
const express = require('express');

const app = express();

app.use(referrerPolicy({ policy: 'no-referrer' }));

app.get('/', (req, res) => {
  res.send('Referrer-Policy is set to no-referrer');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
```
Multiple Policy Options
This feature allows you to choose from multiple policy options for the Referrer-Policy header. In this example, the policy is set to 'strict-origin-when-cross-origin', which means that the full referrer URL is sent for same-origin requests, but only the origin is sent for cross-origin requests.

```js
const referrerPolicy = require('referrer-policy');
const express = require('express');

const app = express();

app.use(referrerPolicy({ policy: 'strict-origin-when-cross-origin' }));

app.get('/', (req, res) => {
  res.send('Referrer-Policy is set to strict-origin-when-cross-origin');
});

app.listen(3000, () => {
  console.log('Server is running on port 3000');
});
```
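The two snippets above only show the middleware being mounted. The following is an added example, not the referrer-policy package's own code, of what such a middleware has to do underneath: validate the policy token against the set the spec defines, support the comma-separated fallback list the header allows (browsers apply the last token they recognise, so an older token can precede a newer one), and set the header on every response. The `fakeResponse` and `headerFor` helpers are stand-ins for Express's `res` so the behaviour can be checked without starting a server.

```javascript
// Added example: a dependency-free Referrer-Policy middleware with token
// validation. Mirrors the shape of the referrer-policy package's API but is
// not its code.

// The eight policy tokens defined by the Referrer Policy specification.
const VALID_TOKENS = new Set([
  'no-referrer',
  'no-referrer-when-downgrade',
  'same-origin',
  'origin',
  'strict-origin',
  'origin-when-cross-origin',
  'strict-origin-when-cross-origin',
  'unsafe-url',
]);

// options.policy may be a single token or an array of tokens. An array is
// serialised as a comma-separated fallback list; browsers use the last token
// they understand, so put the older, more widely supported token first.
function referrerPolicy(options = {}) {
  const raw = options.policy === undefined ? 'no-referrer' : options.policy;
  const tokens = Array.isArray(raw) ? raw : [raw];
  if (tokens.length === 0) {
    throw new Error('Referrer-Policy: at least one policy token is required');
  }
  for (const token of tokens) {
    if (typeof token !== 'string' || !VALID_TOKENS.has(token)) {
      // Rejecting unknown tokens at startup avoids silently shipping a header
      // that browsers ignore (which would fall back to their default policy).
      throw new Error(`Referrer-Policy: invalid token ${JSON.stringify(token)}`);
    }
  }
  const headerValue = tokens.join(',');

  // Express-style middleware: set the header, then hand off to the next handler.
  return function referrerPolicyMiddleware(req, res, next) {
    res.setHeader('Referrer-Policy', headerValue);
    next();
  };
}

// Minimal stand-in for Express's response object (constructed for this example).
function fakeResponse() {
  const headers = {};
  return {
    setHeader(name, value) { headers[name.toLowerCase()] = value; },
    getHeader(name) { return headers[name.toLowerCase()]; },
  };
}

// Runs the middleware once against a fake response and returns the header it set.
function headerFor(options) {
  const res = fakeResponse();
  let nextCalled = false;
  referrerPolicy(options)({}, res, () => { nextCalled = true; });
  if (!nextCalled) throw new Error('middleware did not call next()');
  return res.getHeader('Referrer-Policy');
}

// Demonstration: default, single token, and fallback list.
console.log(headerFor({}));
console.log(headerFor({ policy: 'same-origin' }));
console.log(headerFor({ policy: ['no-referrer', 'strict-origin-when-cross-origin'] }));
```

The fallback-list form is worth knowing because a typo in a single-token header is not an error to the browser; it simply ignores the header, which is why the constructor above fails fast instead.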
Helmet is a collection of 15 smaller middleware functions that set various HTTP headers to help secure your Express.js app. One of these middleware functions is `helmet.referrerPolicy()`, which can be used to set the Referrer-Policy header. Helmet provides a more comprehensive security solution compared to referrer-policy, as it includes additional protections like Content Security Policy, XSS Filter, and more.
The Referer HTTP header is typically set by web browsers to tell the server where it's coming from. For example, if you click a link on example.com/index.html that takes you to wikipedia.org, Wikipedia's servers will see Referer: example.com. This can have privacy implications: websites can see where you are coming from. The new Referrer-Policy HTTP header lets authors control how browsers set the Referer header.

Read the spec to see the options you can provide.
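The README explains what the Referer header reveals, and the earlier section describes 'strict-origin-when-cross-origin' as "full URL for same-origin, origin only for cross-origin". The following added example (not part of the referrer-policy package) models the browser-side "determine request's referrer" algorithm from the Referrer Policy spec for all eight policy tokens, so you can see exactly what each value leaks for a given navigation, including the downgrade case (HTTPS page linking to an HTTP destination) that distinguishes the strict-* policies. It goes beyond the page's single example by covering every policy at once. Assumptions: the empty-string policy maps to the modern default 'strict-origin-when-cross-origin', and "downgrade" is simplified to https → http (the spec uses the broader "potentially trustworthy" test).

```javascript
// Added example: model of the spec's "determine request's referrer" steps.
// Not the referrer-policy package's own code.

const POLICIES = [
  'no-referrer',
  'no-referrer-when-downgrade',
  'same-origin',
  'origin',
  'strict-origin',
  'origin-when-cross-origin',
  'strict-origin-when-cross-origin',
  'unsafe-url',
];

// Spec's "strip URL for use as a referrer": drop credentials and fragment.
function stripForReferrer(url) {
  const u = new URL(url);
  u.username = '';
  u.password = '';
  u.hash = '';
  return u;
}

// Assumption: treat https -> http as the only downgrade; the spec's real test
// is whether the destination is a "potentially trustworthy URL".
function isDowngrade(from, to) {
  return from.protocol === 'https:' && to.protocol === 'http:';
}

// Returns the Referer value the browser would send, or null for no Referer.
function computeReferrer(policy, fromUrl, toUrl) {
  const from = stripForReferrer(fromUrl);
  const to = new URL(toUrl);
  const origin = from.origin + '/';        // origin-only form, e.g. https://example.com/
  let full = from.href;
  if (full.length > 4096) full = origin;   // spec caps an over-long referrer at its origin
  const sameOrigin = from.origin === to.origin;
  const downgrade = isDowngrade(from, to);
  const effective = policy === '' ? 'strict-origin-when-cross-origin' : policy;

  switch (effective) {
    case 'no-referrer': return null;
    case 'unsafe-url': return full;
    case 'origin': return origin;
    case 'strict-origin': return downgrade ? null : origin;
    case 'same-origin': return sameOrigin ? full : null;
    case 'no-referrer-when-downgrade': return downgrade ? null : full;
    case 'origin-when-cross-origin': return sameOrigin ? full : origin;
    case 'strict-origin-when-cross-origin':
      if (sameOrigin) return full;
      return downgrade ? null : origin;
    default:
      throw new Error(`unknown Referrer-Policy token: ${JSON.stringify(policy)}`);
  }
}

// What every policy leaks for one navigation, keyed by policy token.
function referrerTable(fromUrl, toUrl) {
  const table = {};
  for (const policy of POLICIES) table[policy] = computeReferrer(policy, fromUrl, toUrl);
  return table;
}

// Constructed sample navigations echoing the README's example. The query string
// stands in for the kind of data (session ids, search terms) a full URL can leak.
console.table(referrerTable('https://example.com/index.html?session=abc123', 'https://wikipedia.org/'));
console.table(referrerTable('https://example.com/index.html?session=abc123', 'http://wikipedia.org/'));
```

Reading the two tables side by side shows why 'unsafe-url' and 'no-referrer-when-downgrade' are the ones to avoid on pages whose URLs carry tokens, and why 'strict-origin-when-cross-origin' is the usual choice: it keeps full referrers for your own analytics while sending at most the origin elsewhere and nothing at all to plain-HTTP destinations.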
Usage:

```js
const referrerPolicy = require('referrer-policy')

app.use(referrerPolicy({ policy: 'same-origin' }))
// Referrer-Policy: same-origin

app.use(referrerPolicy({ policy: 'unsafe-url' }))
// Referrer-Policy: unsafe-url

app.use(referrerPolicy())
// Referrer-Policy: no-referrer
```
Middleware to set the Referrer-Policy HTTP header
We found that referrer-policy demonstrated an unhealthy version release cadence and low project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.