http security: allow referrer-policy to be configured

2018-11-12 15:14:46 +00:00 · 2018-11-12 15:14:46 +00:00 · ee5932a504
commit ee5932a504
parent fe67665e19
4 changed files with 22 additions and 2 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -180,7 +180,8 @@ config :pleroma, :http_security,
  enabled: true,
  sts: false,
  sts_max_age: 31_536_000,
-  ct_max_age: 2_592_000
+  ct_max_age: 2_592_000,
+  referrer_policy: "same-origin"

 config :cors_plug,
  max_age: 86_400,
--- a/config/config.md
+++ b/config/config.md
@ -86,3 +86,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``sts``: Whether to additionally send a `Strict-Transport-Security` header
 * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
 * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
+* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.