projects / mirror / dsa-puppet.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
Django sites rely on Referrer headers for XSS protection
[mirror/dsa-puppet.git] / modules / roles / files / debconf_wafer / wafertest.debconf.org
diff --git a/modules/roles/files/debconf_wafer/wafertest.debconf.org b/modules/roles/files/debconf_wafer/wafertest.debconf.org
index 946b74c..c43ef8d 100644 (file)
--- a/modules/roles/files/debconf_wafer/wafertest.debconf.org
+++ b/modules/roles/files/debconf_wafer/wafertest.debconf.org
@@ -17,6 +17,7 @@ WSGIDaemonProcess wafertest \
   Use common-debian-service-ssl wafertest.debconf.org
   Use common-ssl-HSTS
 
+  Header always set Referrer-Policy "same-origin"
   Header always set X-Content-Type-Options nosniff
   Header always set X-XSS-Protection "1; mode=block"
 #  Header always set Access-Control-Allow-Origin: "*"
Unnamed repository; edit this file 'description' to name the repository.