Enable strict origin referrer policy

2024-11-28 08:10:45 +00:00 · 2019-12-23 20:26:26 -05:00 · 2019-12-23 20:26:26 -05:00 · 59aa0d9ab0
parent 67ca36e631
commit 59aa0d9ab0
2 changed files with 16 additions and 7 deletions
--- a/includes/SkinCitizen.php
+++ b/includes/SkinCitizen.php
@ -48,6 +48,7 @@ class SkinCitizen extends SkinTemplate {
 			);
 		}
 		// Referrer policy
+		if ( $this->getConfig()->get( 'CitizenEnableReferrerPolicy' ) ) {
 			// iOS Safari, IE, Edge compatiblity
 			$out->addMeta( 'referrer',
 				'strict-origin'
@ -55,6 +56,8 @@ class SkinCitizen extends SkinTemplate {
 			$out->addMeta( 'referrer',
 				'strict-origin-when-cross-origin'
 			);
+			$out->getRequest()->response()->header( 'Referrer-Policy: strict-origin-when-cross-origin' );
+		}

 		$out->addModuleStyles( [
 			'mediawiki.skinning.content.externallinks',
--- a/skin.json
+++ b/skin.json
@ -37,6 +37,12 @@
 			"descriptionmsg": "citizen-config-enablemanifest",
 			"public": true
 		},
+		"EnableReferrerPolicy": {
+			"value": false,
+			"description": "Enable or disable strict-origin-when-cross-origin referrer policy",
+			"descriptionmsg": "citizen-config-enablereferrerpolicy",
+			"public": true
+		},
 		"ManifestThemeColor": {
 			"value": "#11151d",
 			"description": "The theme color defined in the web app manifest",