From cabcf3fe8dcf9383a46edf9b6df6a9f0e15c2a0d Mon Sep 17 00:00:00 2001 From: Ayane Satomi Date: Sat, 21 Oct 2023 15:17:26 +0000 Subject: [PATCH 1/2] style: Update Cache-Control header settings Updated the max-age value of the Cache-Control header from 14400 to 3600 and removed X-CSRF-Token and Authorization headers. --- routes/_middleware.ts | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/routes/_middleware.ts b/routes/_middleware.ts index edbbf47..e80c350 100644 --- a/routes/_middleware.ts +++ b/routes/_middleware.ts @@ -7,10 +7,10 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) { headers.set("Access-Control-Allow-Origin", origin); headers.set("Access-Control-Allow-Credentials", "true"); - headers.set("Cache-Control", "public, max-age=14400"); + headers.set("Cache-Control", "public, max-age=3600"); headers.set( "Access-Control-Allow-Headers", - "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, Authorization, accept, origin, Cache-Control, X-Requested-With", + "Content-Type, Content-Length, Accept-Encoding, X-CSRF-Token, accept, origin, Cache-Control, X-Requested-With", ); headers.set( "Access-Control-Allow-Methods", From 033da63a4650b6199b04f9c2a0bbc453a00a6959 Mon Sep 17 00:00:00 2001 From: Ayane Satomi Date: Sat, 21 Oct 2023 15:21:34 +0000 Subject: [PATCH 2/2] feat: Add X-Content-Type-Options header Added 'X-Content-Type-Options' header with value 'nosniff' to the middleware --- routes/_middleware.ts | 1 + 1 file changed, 1 insertion(+) diff --git a/routes/_middleware.ts b/routes/_middleware.ts index e80c350..96fef95 100644 --- a/routes/_middleware.ts +++ b/routes/_middleware.ts @@ -7,6 +7,7 @@ export async function handler(req: Request, ctx: MiddlewareHandlerContext) { headers.set("Access-Control-Allow-Origin", origin); headers.set("Access-Control-Allow-Credentials", "true"); + headers.set("X-Content-Type-Options", "nosniff"); headers.set("Cache-Control", "public, max-age=3600"); headers.set( "Access-Control-Allow-Headers",