From 79b8703f29cc0c5b3b1f504e56507335189e9aa7 Mon Sep 17 00:00:00 2001 From: Peter Kraume Date: Tue, 27 Nov 2018 16:34:54 +0100 Subject: [PATCH] Set Referrer-Policy also in addSecurityHeaders() Fix: #12689 Signed-off-by: Peter Kraume --- lib/private/legacy/response.php | 1 + 1 file changed, 1 insertion(+) diff --git a/lib/private/legacy/response.php b/lib/private/legacy/response.php index 93023f61e9..bfee5aadb4 100644 --- a/lib/private/legacy/response.php +++ b/lib/private/legacy/response.php @@ -104,6 +104,7 @@ class OC_Response { header('X-Robots-Tag: none'); // https://developers.google.com/webmasters/control-crawl-index/docs/robots_meta_tag header('X-Download-Options: noopen'); // https://msdn.microsoft.com/en-us/library/jj542450(v=vs.85).aspx header('X-Permitted-Cross-Domain-Policies: none'); // https://www.adobe.com/devnet/adobe-media-server/articles/cross-domain-xml-for-streaming.html + header('Referrer-Policy: no-referrer'); // https://www.w3.org/TR/referrer-policy/ } }