Django sites rely on Referrer headers for XSS protection

author Paul Wise <pabs@debian.org>

Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)

committer Paul Wise <pabs@debian.org>

Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)
author Paul Wise <pabs@debian.org>
Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)
committer Paul Wise <pabs@debian.org>
Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)
diff --git a/modules/roles/files/debconf_wafer/wafertest.debconf.org b/modules/roles/files/debconf_wafer/wafertest.debconf.org

index 946b74c..c43ef8d 100644 (file)
--- a/modules/roles/files/debconf_wafer/wafertest.debconf.org
+++ b/modules/roles/files/debconf_wafer/wafertest.debconf.org
@@ -17,6 +17,7 @@ WSGIDaemonProcess wafertest \
    Use common-debian-service-ssl wafertest.debconf.org
    Use common-ssl-HSTS
  
+  Header always set Referrer-Policy "same-origin"
    Header always set X-Content-Type-Options nosniff
    Header always set X-XSS-Protection "1; mode=block"
  #  Header always set Access-Control-Allow-Origin: "*"
author	Paul Wise <pabs@debian.org>
	Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)
committer	Paul Wise <pabs@debian.org>
	Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)