Update crow to improve security Change-Id: I86146edde21bac89e6cc30afdd79690e2b0adadd

commit: 746b22a2d73aa995dd434492b7f2b649db8c1c4d [log] [tgz]
author: Ed Tanous <ed.tanous@intel.com> Tue Nov 07 15:32:12 2017 -0800
committer: Ed Tanous <ed.tanous@intel.com> Tue Nov 07 15:32:12 2017 -0800
tree: fdd1cf986ac0808bcd031a5fe8e25698a4d9c405
parent: 038c52e00db22a49f7b94eb10a94b17a31e2ed3d [diff] [blame]
diff --git a/include/security_headers_middleware.hpp b/include/security_headers_middleware.hpp
index e12395a..19369f9 100644
--- a/include/security_headers_middleware.hpp
+++ b/include/security_headers_middleware.hpp

@@ -20,6 +20,12 @@
 static const char* content_security_key = "X-Content-Security-Policy";
 static const char* content_security_value = "default-src 'self'";
 
+static const char* pragma_key = "Pragma";
+static const char* pragma_value = "no-cache";
+
+static const char* cache_control_key = "Cache-Control";
+static const char* cache_control_value = "no-Store,no-Cache";
+
 struct SecurityHeadersMiddleware {
   struct context {};
 
@@ -37,8 +43,8 @@
     res.add_header(xframe_key, xframe_value);
     res.add_header(xss_key, xss_value);
     res.add_header(content_security_key, content_security_value);
-    res.add_header("Access-Control-Allow-Origin", "http://localhost:8085");
-    res.add_header("Access-Control-Allow-Credentials", "true");
+    res.add_header(pragma_key, pragma_value);
+    res.add_header(cache_control_key, cache_control_value);
   }
 };
 }  // namespace crow
commit	746b22a2d73aa995dd434492b7f2b649db8c1c4d	[log] [tgz]
author	Ed Tanous <ed.tanous@intel.com>	Tue Nov 07 15:32:12 2017 -0800
committer	Ed Tanous <ed.tanous@intel.com>	Tue Nov 07 15:32:12 2017 -0800
tree	fdd1cf986ac0808bcd031a5fe8e25698a4d9c405
parent	038c52e00db22a49f7b94eb10a94b17a31e2ed3d [diff] [blame]