author | Jelle van der Waa <jelle@archlinux.org> | 2020-04-09 20:48:50 +0200 |
---|---|---|
committer | Jelle van der Waa <jelle@archlinux.org> | 2020-04-09 20:48:55 +0200 |
commit | a0ea44189ad4b7e8ed13b19a69173a0429a46208 (patch) | |
tree | 7d96be3f460414264c114bd85fe367ea614428cc | |
parent | acc6916602909168e9a8f341bab442923c3e6977 (diff) | |
download | archweb-release_2020-04-09.tar.gz archweb-release_2020-04-09.zip |
Set default Referrer Policy to no-referrer-when-downgraderelease_2020-04-09
Do not send a Referer header when the connection is downgraded from
HTTPS to HTTP.
Closes: #177
-rw-r--r-- | settings.py | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/settings.py b/settings.py
index 5a23116a..ec1d9d24 100644
--- a/settings.py
+++ b/settings.py
@@ -87,6 +87,9 @@ CSRF_COOKIE_HTTPONLY = True
 # Clickjacking protection
 X_FRAME_OPTIONS = 'DENY'
 
+# Referrer Policy
+SECURE_REFERRER_POLICY = 'no-referrer-when-downgrade'
+
 # X-Content-Type-Options, stops browsers from trying to MIME-sniff the content type
 SECURE_CONTENT_TYPE_NOSNIFF = True |
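Review bot: `no-referrer-when-downgrade` on the added `SECURE_REFERRER_POLICY` line still sends the full URL, path and query string included, to every cross-origin HTTPS destination, and it matches what browsers did by default at the time, so the setting documents the behaviour more than it tightens it. If leaking page URLs to third-party sites matters here, consider `SECURE_REFERRER_POLICY = 'same-origin'` (or `'strict-origin-when-cross-origin'`), both of which keep the same-origin Referer that Django's CSRF check uses on HTTPS requests. The header is only emitted by `django.middleware.security.SecurityMiddleware` on Django 3.0 or later; neither the middleware list nor the Django version is visible in this hunk, so that is worth confirming. The comment could also say what the value does, e.g. `# Referrer-Policy: omit the Referer header on HTTPS -> HTTP navigation`.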