Change referrer-policy to no-referrer application-wide (#23014)

shrike
Claire 2023-01-10 05:18:43 +01:00 committed by GitHub
parent 2bcb081ce8
commit aefefc74c4
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 1 additions and 5 deletions

View File

@ -6,17 +6,12 @@ module WebAppControllerConcern
included do included do
prepend_before_action :redirect_unauthenticated_to_permalinks! prepend_before_action :redirect_unauthenticated_to_permalinks!
before_action :set_app_body_class before_action :set_app_body_class
before_action :set_referrer_policy_header
end end
def set_app_body_class def set_app_body_class
@body_classes = 'app-body' @body_classes = 'app-body'
end end
def set_referrer_policy_header
response.headers['Referrer-Policy'] = 'origin'
end
def redirect_unauthenticated_to_permalinks! def redirect_unauthenticated_to_permalinks!
return if user_signed_in? && current_account.moved_to_account_id.nil? return if user_signed_in? && current_account.moved_to_account_id.nil?

View File

@ -138,6 +138,7 @@ Rails.application.configure do
'X-Content-Type-Options' => 'nosniff', 'X-Content-Type-Options' => 'nosniff',
'X-XSS-Protection' => '0', 'X-XSS-Protection' => '0',
'Permissions-Policy' => 'interest-cohort=()', 'Permissions-Policy' => 'interest-cohort=()',
'Referrer-Policy' => 'no-referrer',
} }
config.x.otp_secret = ENV.fetch('OTP_SECRET') config.x.otp_secret = ENV.fetch('OTP_SECRET')