Commit 299cf11

update README for latest OWASP and pragma deprecation
1 parent bcdbac0 commit 299cf11

1 file changed

+3
-2
lines changed

README.md

Lines changed: 3 additions & 2 deletions
@@ -928,7 +928,7 @@ The generator will interpret your settings for CORS and automatically add the re
928928

929929
You can make use of the [OWASP Secure Headers](https://owasp.org/www-project-secure-headers/#x-permitted-cross-domain-policies) to generate response headers. These are a selection of response headers with default values that OWASP recommends returning with your response to help secure your application.
930930

931-
The OWASP Secure Headers Project contains a set of recommended headers to return with recommended values, when generating the documentation, the generator will attempt to get the latest version of this document and apply the latest recommendations. If you do not allow outside connections, it will default to a version of recommendations from **2023-05-26 12:22:30 UTC**.
931+
The OWASP Secure Headers Project contains a set of recommended headers to return with recommended values, when generating the documentation, the generator will attempt to get the latest version of this document and apply the latest recommendations. If you do not allow outside connections, it will default to a version of recommendations from **2024-09-19 21:29:28 UTC**.
932932

933933
Like CORS, if you have already set any of the OWASP Secure headers via `responseHeaders`, it will not overwrite them.
934934

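Review bot: The changed sentence at README line 931 only says what happens "If you do not allow outside connections", so it does not cover a fetch that is allowed but fails (timeout, DNS error, OWASP site unavailable). Please state whether the generator falls back to the bundled 2024-09-19 snapshot in that case or stops with an error. Fetching the latest recommendations at generation time also means two runs of the same config can produce different response headers, so it is worth documenting whether users can pin to the bundled snapshot for reproducible output. The hard-coded timestamp will need a manual edit every time the snapshot is refreshed; a pointer to where the snapshot lives in the repo would go stale less easily. Minor: "recommended values, when generating the documentation" is a comma splice and reads better as two sentences.
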
@@ -973,13 +973,14 @@ The full list of OWASP Secure Headers you can set are:
973973
- crossOriginOpenerPolicy - Cross-Origin-Opener-Policy,
974974
- crossOriginResourcePolicy - Cross-Origin-Resource-Policy,
975975
- permissionsPolicy - Permissions-Policy,
976-
- pragma - Pragma,
977976
- referrerPolicy - Referrer-Policy,
978977
- strictTransportSecurity - Strict-Transport-Security,
979978
- xContentTypeOptions - X-Content-Type-Options,
980979
- xFrameOptions - X-Frame-Options,
981980
- xPermittedCrossDomainPolicies - X-Permitted-Cross-Domain-Policies
982981

982+
You should note that `Pragma` has been [deprecated by owasp](https://owasp.org/www-project-secure-headers/#pragma), this plugin will issue a warning when you are still using Pragma and might drop support.
983+
983984
###### Subset of OWASP Secure Headers with user defined values
984985

985986
If you wish to override the OWASP Secure Headers, you can write your `methodResponse` like:
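
Review bot: Removing `- pragma - Pragma,` from "The full list of OWASP Secure Headers you can set" conflicts with the new note at line 982, which says the plugin still accepts `Pragma` and only warns. A reader can no longer tell whether `pragma` is a valid key. Either keep the entry in the list and mark it as deprecated, or have the note name the `pragma` key explicitly and say it is still accepted for now. "might drop support" is too vague for users to plan around; say which release is expected to remove it, or that removal will come in a major version. The note also does not tell users who currently set `pragma` what to do instead, so a short pointer to the linked OWASP guidance on the replacement would help. Minor: "owasp" should be "OWASP", and "deprecated by owasp](...), this plugin will issue" is a comma splice.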
