From: Paul Wise Date: Tue, 30 Jan 2018 12:52:44 +0000 (+0800) Subject: Django sites rely on Referrer headers for XSS protection X-Git-Url: https://git.adam-barratt.org.uk/?a=commitdiff_plain;h=4cd32dabef8b440077f2e072fc12c983474fc251;p=mirror%2Fdsa-puppet.git Django sites rely on Referrer headers for XSS protection --- diff --git a/modules/roles/files/debconf_wafer/wafertest.debconf.org b/modules/roles/files/debconf_wafer/wafertest.debconf.org index 946b74c37..c43ef8d44 100644 --- a/modules/roles/files/debconf_wafer/wafertest.debconf.org +++ b/modules/roles/files/debconf_wafer/wafertest.debconf.org @@ -17,6 +17,7 @@ WSGIDaemonProcess wafertest \ Use common-debian-service-ssl wafertest.debconf.org Use common-ssl-HSTS + Header always set Referrer-Policy "same-origin" Header always set X-Content-Type-Options nosniff Header always set X-XSS-Protection "1; mode=block" # Header always set Access-Control-Allow-Origin: "*"
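Review bot: the added `Header always set Referrer-Policy "same-origin"` line in the wafertest.debconf.org vhost has no comment explaining why this site needs a policy that still sends the Referer header on same-origin requests, so a later cleanup could tighten it to a stricter value and break the site. A one-line comment above it would help, for example `# Django needs the Referer header on same-origin HTTPS requests`. The subject line attributes the dependency to XSS protection, but the Referer check Django performs on HTTPS requests is part of its CSRF protection, so the comment and the commit message should say CSRF to keep the record accurate. It is also worth confirming that neither `Use common-debian-service-ssl` nor `Use common-ssl-HSTS` sets its own Referrer-Policy, since two `Header always set` directives for the same header would make the effective value depend on ordering.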