From aefefc74c468ffd90e3ac97bfed5973717138759 Mon Sep 17 00:00:00 2001 From: Claire Date: Tue, 10 Jan 2023 05:18:43 +0100 Subject: [PATCH] Change referrer-policy to no-referrer application-wide (#23014) --- app/controllers/concerns/web_app_controller_concern.rb | 5 ----- config/environments/production.rb | 1 + 2 files changed, 1 insertion(+), 5 deletions(-) diff --git a/app/controllers/concerns/web_app_controller_concern.rb b/app/controllers/concerns/web_app_controller_concern.rb index cbd522246..f28786f63 100644 --- a/app/controllers/concerns/web_app_controller_concern.rb +++ b/app/controllers/concerns/web_app_controller_concern.rb @@ -6,17 +6,12 @@ module WebAppControllerConcern included do prepend_before_action :redirect_unauthenticated_to_permalinks! before_action :set_app_body_class - before_action :set_referrer_policy_header end def set_app_body_class @body_classes = 'app-body' end - def set_referrer_policy_header - response.headers['Referrer-Policy'] = 'origin' - end - def redirect_unauthenticated_to_permalinks! return if user_signed_in? && current_account.moved_to_account_id.nil? diff --git a/config/environments/production.rb b/config/environments/production.rb index 5ea9ea9ba..abb46bd16 100644 --- a/config/environments/production.rb +++ b/config/environments/production.rb @@ -138,6 +138,7 @@ Rails.application.configure do 'X-Content-Type-Options' => 'nosniff', 'X-XSS-Protection' => '0', 'Permissions-Policy' => 'interest-cohort=()', + 'Referrer-Policy' => 'no-referrer', } config.x.otp_secret = ENV.fetch('OTP_SECRET')