author | Duncan <duncan@vtllf.org> | 2015-08-02 06:51:27 +0300 |
---|---|---|
committer | Berker Peksag <berker.peksag@gmail.com> | 2015-08-02 06:52:04 +0300 |
commit | f0a4c3475fef9e954b80a76cccdc87e4f3ddfacb (patch) | |
tree | 453fac7ca3e64292dfaf7c94d89e3db92f04c938 | |
parent | 750ddf32b5b0f9845ee7d4bb70171d9ff8170a0c (diff) | |
Add a no_referrer setting to prevent browsers leaking information.
-rw-r--r-- | mediagoblin/config_spec.ini | 3 | ||||
-rw-r--r-- | mediagoblin/templates/mediagoblin/base.html | 3 |
2 files changed, 6 insertions, 0 deletions
diff --git a/mediagoblin/config_spec.ini b/mediagoblin/config_spec.ini
index fd86700a..0a8da73e 100644
--- a/mediagoblin/config_spec.ini
+++ b/mediagoblin/config_spec.ini
@@ -86,6 +86,9 @@ allow_attachments = boolean(default=False)
 # Cookie stuff
 csrf_cookie_name = string(default='mediagoblin_csrftoken')
+# Set to true to prevent browsers leaking information through Referrers
+no_referrer = boolean(default=True)
+
 # Push stuff
 push_urls = string_list(default=list())
diff --git a/mediagoblin/templates/mediagoblin/base.html b/mediagoblin/templates/mediagoblin/base.html
index ddc38b3e..778cc3f9 100644
--- a/mediagoblin/templates/mediagoblin/base.html
+++ b/mediagoblin/templates/mediagoblin/base.html
@@ -27,6 +27,9 @@
 <head>
 <meta charset="utf-8">
 <meta name="viewport" content="width=device-width, initial-scale=1.0">
+ {% if app_config['no_referrer'] -%}
+ <meta name="referrer" content="no-referrer">
+ {%- endif %}
 <meta http-equiv="X-UA-Compatible" content="IE=Edge">
 <title>{% block title %}{{ app_config['html_title'] }}{% endblock %}</title>
 <link rel="stylesheet" type="text/css" |
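Review bot: The comment above `no_referrer` in config_spec.ini names neither the mechanism nor the scope, and it does not mention that the setting is on by default, so an existing install picks up the behaviour change on upgrade without notice. With `default=True`, anything that depends on the Referer header sent from MediaGoblin pages (presumably things like referer-based rules on a front-end proxy or access-log analysis) stops seeing it. I would spell this out in the spec, e.g. `# Emits <meta name="referrer" content="no-referrer"> on pages built from base.html, so browsers send no Referer header (same-site requests included). Enabled by default; set to false to restore the browser default.`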
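Review bot: The policy in base.html is delivered only as a `<meta>` tag, so it covers documents that extend this template and browsers that honour the referrer meta; a page rendered from any other base still sends Referer. Sending the same policy as a `Referrer-Policy: no-referrer` response header from the application or the front-end web server would cover every HTML response regardless of template; whether MediaGoblin has a convenient hook for that is not visible from this hunk. `no-referrer` also strips the header on same-origin navigation, so if anything server-side inspects Referer, `content="same-origin"` would keep it within the site while still hiding URLs from external hosts. Placing the tag before the stylesheet `<link>` is right, because the policy only applies to fetches started after it is parsed; a short `{# keep above any element that triggers a fetch #}` comment would help it stay there.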