From 59aa0d9ab08e757fd82bad01879d8526c7ebcaf9 Mon Sep 17 00:00:00 2001
From: alistair3149
Date: Mon, 23 Dec 2019 20:26:26 -0500
Subject: [PATCH] Enable strict origin referrer policy
---
 includes/SkinCitizen.php | 17 ++++++++++-------
 skin.json | 6 ++++++
 2 files changed, 16 insertions(+), 7 deletions(-)
diff --git a/includes/SkinCitizen.php b/includes/SkinCitizen.php
index 7abf6d17..b856de39 100644
--- a/includes/SkinCitizen.php
+++ b/includes/SkinCitizen.php
@@ -48,13 +48,16 @@ class SkinCitizen extends SkinTemplate {
 );
 }
 // Referrer policy
- // iOS Safari, IE, Edge compatiblity
- $out->addMeta( 'referrer',
- 'strict-origin'
- );
- $out->addMeta( 'referrer',
- 'strict-origin-when-cross-origin'
- );
+ if ( $this->getConfig()->get( 'CitizenEnableReferrerPolicy' ) ) {
+ // iOS Safari, IE, Edge compatiblity
+ $out->addMeta( 'referrer',
+ 'strict-origin'
+ );
+ $out->addMeta( 'referrer',
+ 'strict-origin-when-cross-origin'
+ );
+ $out->getRequest()->response()->header( 'Referrer-Policy: strict-origin-when-cross-origin' );
+ }
 $out->addModuleStyles( [
 'mediawiki.skinning.content.externallinks',
diff --git a/skin.json b/skin.json
index e6683cfb..22725477 100644
--- a/skin.json
+++ b/skin.json
@@ -37,6 +37,12 @@
 "descriptionmsg": "citizen-config-enablemanifest",
 "public": true
 },
+ "EnableReferrerPolicy": {
+ "value": false,
+ "description": "Enable or disable strict-origin-when-cross-origin referrer policy",
+ "descriptionmsg": "citizen-config-enablereferrerpolicy",
+ "public": true
+ },
 "ManifestThemeColor": {
 "value": "#11151d",
 "description": "The theme color defined in the web app manifest",
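Review bot: The `Referrer-Policy` response header added as the last statement of the new `if` block carries only `strict-origin-when-cross-origin`, while the two `addMeta` calls above it keep `strict-origin` as a fallback for the browsers named in the comment. A client that does not recognise the newer token gets no usable policy from the header; the header accepts a comma-separated list in which the last recognised entry wins, so it can mirror the meta tags: `$out->getRequest()->response()->header( 'Referrer-Policy: strict-origin, strict-origin-when-cross-origin' );`. If the wiki also sets core's `$wgReferrerPolicy`, the page may end up with competing policies; that interaction is not visible from this hunk and deserves a comment. The enclosing method starts and ends outside the hunk.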
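Review bot: `"value": false` makes the referrer policy opt-in, whereas the lines removed from includes/SkinCitizen.php in this same commit emitted both `referrer` meta tags unconditionally. A wiki upgrading across this commit therefore stops sending any referrer policy from the skin until an admin sets the new option, so full page URLs may again be disclosed to external sites unless another layer sets a policy. Defaulting to `"value": true` would preserve the previous protection and match the commit subject; if opt-in is intended, the description string should say that the policy is off by default.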