From 02f28e78a659c2bda98517984e04a635c723e99b Mon Sep 17 00:00:00 2001
From: TDurrr1
Date: Sun, 26 Apr 2020 12:20:57 -0500
Subject: [PATCH] helmet: Allow referrerPolicy.policy to be an array of strings (#44235)
* Setting a referrer policy as an array of strings is permitted. This will result in a comma-separated list of policies, where the last policy understood by the browser would be the one applied. See https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy, "Specifying a fallback policy".
* Added a test for when referrerPolicy.policy is an array of strings.
---
 types/helmet/helmet-tests.ts | 3 ++-
 types/helmet/index.d.ts | 2 +-
 2 files changed, 3 insertions(+), 2 deletions(-)
diff --git a/types/helmet/helmet-tests.ts b/types/helmet/helmet-tests.ts
index 20a453cdaf..0e71d8ce81 100644
--- a/types/helmet/helmet-tests.ts
+++ b/types/helmet/helmet-tests.ts
@@ -232,7 +232,8 @@ function noSniffTest() {
 * @summary Test for {@see helmet#referrerPolicy} function.
 */
 function referrerPolicyTest() {
- app.use(helmet.referrerPolicy({ policy: 'same-origin' }))
+ app.use(helmet.referrerPolicy({ policy: 'same-origin' }));
+ app.use(helmet.referrerPolicy({ policy: ['no-referrer', 'origin', 'strict-origin', 'strict-origin-when-cross-origin'] }));
 }
 /**
diff --git a/types/helmet/index.d.ts b/types/helmet/index.d.ts
index ec6fced62d..27c4230170 100644
--- a/types/helmet/index.d.ts
+++ b/types/helmet/index.d.ts
@@ -168,7 +168,7 @@ declare namespace helmet {
 }
 export interface IHelmetReferrerPolicyConfiguration {
- policy?: string;
+ policy?: string | string[];
 }
 export interface IHelmetXssFilterConfiguration {
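Review bot: The new array call in `referrerPolicyTest` does not say that element order is significant, although the commit message states that the browser applies the last policy it understands. A reader copying this list could reorder it and end up with a weaker effective policy on modern browsers. I would add a comment above the array call such as `// Fallback list: the last policy the browser understands wins, so order from least to most preferred.` The test also covers only the accepted shapes; a rejected-shape case (for example a non-string element) would pin the type from the other side.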
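Review bot: `policy?: string | string[]` in `IHelmetReferrerPolicyConfiguration` still accepts any string, so a misspelled token for this security header type-checks. Whether it is then rejected at runtime or sent as-is depends on helmet's own validation, which this diff does not show. The header has a small fixed vocabulary, so a literal union would catch typos at compile time: `type ReferrerPolicyToken = 'no-referrer' | 'no-referrer-when-downgrade' | 'same-origin' | 'origin' | 'strict-origin' | 'origin-when-cross-origin' | 'strict-origin-when-cross-origin' | 'unsafe-url' | '';` with `policy?: ReferrerPolicyToken | ReferrerPolicyToken[];`. That is narrower than the existing `string`, so callers passing a plain `string` variable would need to narrow it first, which is worth weighing against the safety gain. The enclosing `declare namespace helmet` starts and ends outside the hunk.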