git.shiar.nl / minimedit.git / commitdiff
(parent: 91e2369)
page: referrer policy to include details cross-origin
author Mischa POSLAWSKY <perl@shiar.org> Thu, 4 Feb 2021 01:31:48 +0000 (02:31 +0100)
committer Mischa POSLAWSKY <perl@shiar.org> Mon, 17 May 2021 14:55:33 +0000 (16:55 +0200)
Default recently changed to strict-origin-when-cross-origin which hides path
details in Referer. Disagree about this "security" and rather keep the page
information for external sites.
page.php
diff --git
a/page.php
b/page.php
index 8a37533f4c6e78e928980c5a92454f3e589be83d..9f9ce626b0236e7ee5a805911861828422ae8e83 100644
(file)
--- a/
page.php
+++ b/
page.php
@@
-50,6
+50,7
@@
header(sprintf('Content-Security-Policy: %s', implode('; ', [
"base-uri 'self'", # only local pages
"frame-ancestors 'none'", # prevent malicious embedding
])));
+header('Referrer-Policy: no-referrer-when-downgrade');
$Page->place += [
'user' => $User->login ?: '',
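Review bot: The added `header('Referrer-Policy: no-referrer-when-downgrade');` is sent unconditionally, so it also covers pages rendered for a logged-in user (see the `'user' => $User->login` context directly below it). Under this policy the full URL, path and query string included, goes in Referer to every HTTPS destination regardless of origin. If any URL on this site can carry something that should stay private (an edit path, a token or search term in the query string), consider sending this header only when `$User->login` is empty and leaving the default `strict-origin-when-cross-origin` in place otherwise. The line also lacks the trailing `#` rationale comment that the two CSP directives above it carry; a short note on why the default is overridden would help the next reader.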