forked from mirrors/catstodon
Change referrer-policy to no-referrer application-wide (#23014)
This commit is contained in:
parent
2bcb081ce8
commit
aefefc74c4
2 changed files with 1 additions and 5 deletions
|
@ -6,17 +6,12 @@ module WebAppControllerConcern
|
|||
included do
|
||||
prepend_before_action :redirect_unauthenticated_to_permalinks!
|
||||
before_action :set_app_body_class
|
||||
before_action :set_referrer_policy_header
|
||||
end
|
||||
|
||||
def set_app_body_class
|
||||
@body_classes = 'app-body'
|
||||
end
|
||||
|
||||
def set_referrer_policy_header
|
||||
response.headers['Referrer-Policy'] = 'origin'
|
||||
end
|
||||
|
||||
def redirect_unauthenticated_to_permalinks!
|
||||
return if user_signed_in? && current_account.moved_to_account_id.nil?
|
||||
|
||||
|
|
|
@ -138,6 +138,7 @@ Rails.application.configure do
|
|||
'X-Content-Type-Options' => 'nosniff',
|
||||
'X-XSS-Protection' => '0',
|
||||
'Permissions-Policy' => 'interest-cohort=()',
|
||||
'Referrer-Policy' => 'no-referrer',
|
||||
}
|
||||
|
||||
config.x.otp_secret = ENV.fetch('OTP_SECRET')
|
||||
|
|
Loading…
Reference in a new issue