# HG changeset patch
# User Kim Alvefur <zash@zash.se>
# Date 1684414074 -7200
# Node ID 30e2722c9fa3ce7c321f9947ae3d47828860d487
# Parent  af105c7a24b28de839cd049c4a2a1ca8674774f1
mod_http_oauth2: Disable Referrer via header

Prevents the various parameters from potentially ending up in logs, as
well as reduces the size of requests.

diff -r af105c7a24b2 -r 30e2722c9fa3 mod_http_oauth2/mod_http_oauth2.lua
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:25:11 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:47:54 2023 +0200
@@ -61,6 +61,7 @@
 		headers = {
 			["Content-Type"] = "text/html; charset=utf-8";
 			["Content-Security-Policy"] = "default-src 'self'";
+			["Referrer-Policy"] = "no-referrer";
 			["X-Frame-Options"] = "DENY";
 			["Cache-Control"] = (sensitive and "no-store" or "no-cache")..", private";
 		};