Commit 5c3c70b8 authored by Aral Balkan's avatar Aral Balkan
Browse files

Now sends out header to tell Google not to track people in Chrome

parent 68c9a5c1
......@@ -4,6 +4,14 @@ All notable changes to this project will be documented in this file.
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/), and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
## [16.4.0] - 2021-04-15
### Added
- Your server will now send out a `Permissions-Policy: interest-cohort=()` header on every request. Why? Because otherwise Google will soon start tracking the people who view your site using Google Chrome.
__Note:__ if you’re reading this, stop using Google Chrome. It is ridiculous for web servers to essentially have to ask please do not violate the privacy of the people who are viewing this site” with every request. For more info, see: https://plausible.io/blog/google-floc
## [16.3.2] - 2021-04-14
### Fixed
......
......@@ -369,6 +369,17 @@ class Site {
// Express.js security with HTTP headers.
this.app.use(helmet())
// Opt out of Google Chrome tracking everything you do.
// Note: if you’re reading this, stop using Google Chrome.
// It is ridiculous for web servers to essentially have to ask
// “please do not violate the privacy of the people who are viewing
// this site” with every request.
// For more info, see: https://plausible.io/blog/google-floc
this.app.use((request, response, next) => {
response.set('Permissions-Policy', 'interest-cohort=()')
next()
})
// Statistics middleware (captures anonymous, ephemeral statistics).
this.app.use(this.stats.middleware)
......
{
"name": "@small-tech/site.js",
"version": "16.3.2",
"version": "16.4.0",
"description": "Small Web construction set.",
"keywords": [
"web server",
......
......@@ -114,7 +114,7 @@ test('[site.js] Simple dotJS filesystem-based route loading', async t => {
const server = await site.serve(async () => {
// Ensure the route is loaded as we expect.
const routerStack = site.app._router.stack
t.strictEquals(routerStack[8].route.path, '/simple', 'the route is as expected in the router stack')
t.strictEquals(routerStack[9].route.path, '/simple', 'the route is as expected in the router stack')
let response
try {
......@@ -180,37 +180,37 @@ async function runDotJsSeparateGetAndPostTests (t, site) {
const routerStack = site.app._router.stack
const getFileNameAsRouteNameRoute = routerStack[8].route
const getFileNameAsRouteNameRoute = routerStack[9].route
t.true(getFileNameAsRouteNameRoute.methods.get, 'request method should be GET')
t.strictEquals(getFileNameAsRouteNameRoute.path, '/file-name-as-route-name', 'path should be correct')
const getIndexRoute = routerStack[9].route
const getIndexRoute = routerStack[10].route
t.true(getIndexRoute.methods.get, 'request method should be GET')
t.strictEquals(getIndexRoute.path, '/', 'path should be correct')
const getSubRouteFileNameAsRouteNameRoute = routerStack[10].route
const getSubRouteFileNameAsRouteNameRoute = routerStack[11].route
t.true(getSubRouteFileNameAsRouteNameRoute.methods.get, 'request method should be GET')
t.strictEquals(getSubRouteFileNameAsRouteNameRoute.path, '/sub-route/file-name-as-route-name', 'path should be correct')
const getSubRouteIndexRoute = routerStack[11].route
const getSubRouteIndexRoute = routerStack[12].route
t.true(getSubRouteIndexRoute.methods.get, 'request method should be GET')
t.strictEquals(getSubRouteIndexRoute.path, '/sub-route', 'path should be correct')
// Next two routes are the body parser and JSON parser, so we skip those.
const postFileNameAsRouteNameRoute = routerStack[14].route
const postFileNameAsRouteNameRoute = routerStack[15].route
t.true(postFileNameAsRouteNameRoute.methods.post, 'request method should be POST')
t.strictEquals(postFileNameAsRouteNameRoute.path, '/file-name-as-route-name', 'path should be correct')
const postIndexRoute = routerStack[15].route
const postIndexRoute = routerStack[16].route
t.true(postIndexRoute.methods.post, 'request method should be POST')
t.strictEquals(postIndexRoute.path, '/', 'path should be correct')
const postSubRouteFileNameAsRouteNameRoute = routerStack[16].route
const postSubRouteFileNameAsRouteNameRoute = routerStack[17].route
t.true(postSubRouteFileNameAsRouteNameRoute.methods.post, 'request method should be POST')
t.strictEquals(postSubRouteFileNameAsRouteNameRoute.path, '/sub-route/file-name-as-route-name', 'path should be correct')
const postSubRouteIndexRoute = routerStack[17].route
const postSubRouteIndexRoute = routerStack[18].route
t.true(postSubRouteIndexRoute.methods.post, 'request method should be POST')
t.strictEquals(postSubRouteIndexRoute.path, '/sub-route', 'path should be correct')
......@@ -290,19 +290,19 @@ test('[site.js] Separate .https and .wss folders with separate .get and .post fo
// Index 17 is that static router.
// The WSS routes start at index 18.
const webSocketFileNameAsRouteNameRoute = routerStack[19].route
const webSocketFileNameAsRouteNameRoute = routerStack[20].route
t.true(webSocketFileNameAsRouteNameRoute.methods.get, 'request method should be GET (prior to WebSocket upgrade)')
t.strictEquals(webSocketFileNameAsRouteNameRoute.path, '/file-name-as-route-name/.websocket', 'path should be correct')
const webSocketIndexRoute = routerStack[20].route
const webSocketIndexRoute = routerStack[21].route
t.true(webSocketIndexRoute.methods.get, 'request method should be GET (prior to WebSocket upgrade)')
t.strictEquals(webSocketIndexRoute.path, '/.websocket', 'path should be correct')
const webSocketSubRouteFileNameAsRouteNameRoute = routerStack[21].route
const webSocketSubRouteFileNameAsRouteNameRoute = routerStack[22].route
t.true(webSocketSubRouteFileNameAsRouteNameRoute.methods.get, 'request method should be GET (prior to WebSocket upgrade)')
t.strictEquals(webSocketSubRouteFileNameAsRouteNameRoute.path, '/sub-route/file-name-as-route-name/.websocket', 'path should be correct')
const webSocketSubRouteIndexRoute = routerStack[22].route
const webSocketSubRouteIndexRoute = routerStack[23].route
t.true(webSocketSubRouteIndexRoute.methods.get, 'request method should be GET (prior to WebSocket upgrade)')
t.strictEquals(webSocketSubRouteIndexRoute.path, '/sub-route/.websocket', 'path should be correct')
......@@ -351,11 +351,11 @@ test('[site.js] dynamic route loading from routes.js file', async t => {
const routerStack = site.app._router.stack
const getRouteWithParameter = routerStack[11].route
const getRouteWithParameter = routerStack[12].route
t.true(getRouteWithParameter.methods.get, 'request method should be GET')
t.strictEquals(getRouteWithParameter.path, '/hello/:thing', 'path should be correct and contain parameter')
const wssRoute = routerStack[12].route
const wssRoute = routerStack[13].route
t.true(wssRoute.methods.get, 'request method should be GET (prior to WebSocket upgrade)')
t.strictEquals(wssRoute.path, '/echo/.websocket', 'path should be correct and contain parameter')
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment