Merge pull request #27 from EvanHahn/fallback-referrer-policies
Add support for fallback referrer policies
0xTim committed May 31, 2022
2 parents c2bbfe0 + 6859a5c commit 732edf8
Showing 3 changed files with 29 additions and 5 deletions.
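--- a/README.md
+++ b/README.md
@@ -456,3 +456,15 @@ let securityHeadersFactory = SecurityHeadersFactory().with(referrerPolicy: refer
 ```http
 referrer-policy: no-referrer
 ```
+
+You can also [set a fallback policy](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy#specify_a_fallback_policy).
+
+```swift
+let referrerPolicyConfig = ReferrerPolicyConfiguration([.noReferrer, .strictOriginWhenCrossOrigin])
+
+let securityHeadersFactory = SecurityHeadersFactory().with(referrerPolicy: referrerPolicyConfig)
+```
+
+```http
+referrer-policy: no-referrer, strict-origin-when-cross-origin
+```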
Expand Up @@ -2,7 +2,7 @@ import Vapor

public struct ReferrerPolicyConfiguration: SecurityHeaderConfiguration {

public enum Options: String {
public enum Directive: String {
case empty = ""
case noReferrer = "no-referrer"
case noReferrerWhenDowngrade = "no-referrer-when-downgrade"
Expand All @@ -14,13 +14,17 @@ public struct ReferrerPolicyConfiguration: SecurityHeaderConfiguration {
case unsafeUrl = "unsafe-url"
}

private let option: Options
private let directives: [Directive]

public init(_ option: Options) {
self.option = option
public init(_ directive: Directive) {
self.directives = [directive]
}

public init(_ directives: [Directive]) {
self.directives = directives
}

func setHeader(on response: Response, from request: Request) {
response.headers.replaceOrAdd(name: .referrerPolicy, value: option.rawValue)
response.headers.replaceOrAdd(name: .referrerPolicy, value: directives.map({ $0.rawValue }).joined(separator: ", "))
}
}
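Review bot: The new `init(_ directives: [Directive])` accepts an empty array, and `setHeader` then joins zero elements into an empty `referrer-policy` value, which as far as I can tell leaves the browser on its own default policy with no signal to the caller; a `.empty` case mixed into a longer list would likewise leave a dangling `, ` in the header. A check in the initializer such as `precondition(!directives.isEmpty, "ReferrerPolicyConfiguration needs at least one directive")`, or skipping the header in `setHeader` when the joined value is empty, would surface the misconfiguration. The array initializer also needs a doc comment on ordering, because browsers apply the last directive they recognise, so the intended policy goes last and the fallback first: `/// Directives in fallback order; the last value the browser understands is the one applied.` Separately, renaming the public `Options` enum to `Directive` breaks existing callers unless something like `@available(*, deprecated, renamed: "Directive") public typealias Options = Directive` is kept.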
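--- a/Tests/VaporSecurityHeadersTests/HeaderTests.swift
+++ b/Tests/VaporSecurityHeadersTests/HeaderTests.swift
@@ -433,6 +433,14 @@ class HeaderTests: XCTestCase {
 XCTAssertEqual(expected, response.headers[.referrerPolicy].first)
 }
 
+func testHeadersWithReferrerPolicyFallbacks() throws {
+let expected = "no-referrer, strict-origin-when-cross-origin"
+let referrerConfig = ReferrerPolicyConfiguration([.noReferrer, .strictOriginWhenCrossOrigin])
+let factory = SecurityHeadersFactory().with(referrerPolicy: referrerConfig)
+let response = try makeTestResponse(for: request, securityHeadersToAdd: factory)
+XCTAssertEqual(expected, response.headers[.referrerPolicy].first)
+}
+
 func testApiPolicyWithAddedReferrerPolicy() throws {
 let expected = "strict-origin"
 let referrerConfig = ReferrerPolicyConfiguration(.strictOrigin)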