page: referrer policy to include details cross-origin
author Mischa POSLAWSKY <perl@shiar.org>
Thu, 4 Feb 2021 01:31:48 +0000 (02:31 +0100)
committer Mischa POSLAWSKY <perl@shiar.org>
Mon, 17 May 2021 14:55:33 +0000 (16:55 +0200)
Default recently changed to strict-origin-when-cross-origin which hides path
details in Referer.  Disagree about this "security" and rather keep the page
information for external sites.

page.php

index 8a37533f4c6e78e928980c5a92454f3e589be83d..9f9ce626b0236e7ee5a805911861828422ae8e83 100644 (file)
--- a/page.php
+++ b/page.php
@@ -50,6 +50,7 @@ header(sprintf('Content-Security-Policy: %s', implode('; ', [
        "base-uri 'self'", # only local pages
        "frame-ancestors 'none'", # prevent malicious embedding
 ])));
+header('Referrer-Policy: no-referrer-when-downgrade');
 
 $Page->place += [
        'user'  => $User->login ?: '',
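Review bot: the added header('Referrer-Policy: no-referrer-when-downgrade') line has no trailing comment, unlike the CSP directives just above it (# only local pages, # prevent malicious embedding), and nothing in the hunk limits it to particular pages. Under this policy the full URL, path and query string included, is sent in Referer to every cross-origin HTTPS destination, so the line should say that this is deliberate, for example with a comment such as # share full page URL with external sites. The context below the change shows pages tied to a logged-in user ('user' => $User->login), so confirm that no URL served through page.php carries session identifiers or private data in its path or query string; where one does, override the policy for that page or mark its outgoing links rel="noreferrer".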