Add "Referrer-Policy: no-referrer" to standard HTTP headers
Summary: Ref T4340. Some browsers respect this header and referrers are a plague upon the earth. Also, upgrade "never" to the more modern value "no-referrer". Test Plan: In Safari, Firefox and Chrome, disabled `rel="noreferrer"` on links and generated a normal link to an external site. Then clicked it and checked if a referrer was sent. - Safari respects meta only, but "no-referrer" is fine. - Firefox respects both (either the header or meta tag are individually sufficient to stop referrers). - Chrome respects both (same as Firefox). Maniphest Tasks: T4340 Differential Revision: https://secure.phabricator.com/D19144
parent
dba4c4bdf6
commit
9658249ac5
2 changed files with 3 additions and 1 deletions
|
@ -92,6 +92,8 @@ abstract class AphrontResponse extends Phobject {
|
||||||
$headers[] = array('Content-Security-Policy', $csp);
|
$headers[] = array('Content-Security-Policy', $csp);
|
||||||
}
|
}
|
||||||
|
|
||||||
|
$headers[] = array('Referrer-Policy', 'no-referrer');
|
||||||
|
|
||||||
return $headers;
|
return $headers;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
|
|
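Review bot: The policy value `'no-referrer'` is now a string literal in two places, the added `$headers[] = array('Referrer-Policy', 'no-referrer');` line here and the `referrer` meta tag in PhabricatorBarePageView, and nothing ties them together, so a later edit to one can leave the other on a different policy. A shared constant would prevent that, or at minimum a comment on the added line: `// Suppress the Referer header for every request made from our pages; keep in sync with the "referrer" meta tag in PhabricatorBarePageView.` `no-referrer` also drops the Referer on same-origin requests, so if any server-side check or log analysis depends on it (not visible in this hunk), that is worth confirming before relying on this. The enclosing method starts outside the hunk.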
@ -119,7 +119,7 @@ class PhabricatorBarePageView extends AphrontPageView {
|
||||||
'meta',
|
'meta',
|
||||||
array(
|
array(
|
||||||
'name' => 'referrer',
|
'name' => 'referrer',
|
||||||
'content' => 'never',
|
'content' => 'no-referrer',
|
||||||
));
|
));
|
||||||
|
|
||||||
$response = CelerityAPI::getStaticResourceResponse();
|
$response = CelerityAPI::getStaticResourceResponse();
|
||||||
|
|
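Review bot: With the response header added in AphrontResponse, this meta tag reads as redundant, and nothing at the `'content' => 'no-referrer'` line says why it has to stay; the commit's test plan records that Safari honored only the meta tag. A comment above the tag would keep it from being removed in a later cleanup: `// Keep alongside the "Referrer-Policy" response header: some browsers honor only the meta tag.` Responses that are not rendered through this view presumably depend on the header alone in such browsers, which may be worth stating in the same comment. The enclosing method starts and ends outside the hunk.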