Changeset

5479:30e2722c9fa3

mod_http_oauth2: Disable Referrer via header Prevents the various parameters from potentially ending up in logs, as well as reduces the size of requests.
author Kim Alvefur <zash@zash.se>
date Thu, 18 May 2023 14:47:54 +0200
parents 5478:af105c7a24b2
children 5480:5108f63e762b
files mod_http_oauth2/mod_http_oauth2.lua
diffstat 1 files changed, 1 insertions(+), 0 deletions(-) [+]
line wrap: on
line diff
--- a/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:25:11 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua	Thu May 18 14:47:54 2023 +0200
@@ -61,6 +61,7 @@
 		headers = {
 			["Content-Type"] = "text/html; charset=utf-8";
 			["Content-Security-Policy"] = "default-src 'self'";
+			["Referrer-Policy"] = "no-referrer";
 			["X-Frame-Options"] = "DENY";
 			["Cache-Control"] = (sensitive and "no-store" or "no-cache")..", private";
 		};