From 4cd32dabef8b440077f2e072fc12c983474fc251 Mon Sep 17 00:00:00 2001
From: Paul Wise
Date: Tue, 30 Jan 2018 20:52:44 +0800
Subject: [PATCH] Django sites rely on Referrer headers for XSS protection
---
 modules/roles/files/debconf_wafer/wafertest.debconf.org | 1 +
 1 file changed, 1 insertion(+)
diff --git a/modules/roles/files/debconf_wafer/wafertest.debconf.org b/modules/roles/files/debconf_wafer/wafertest.debconf.org
index 946b74c37..c43ef8d44 100644
--- a/modules/roles/files/debconf_wafer/wafertest.debconf.org
+++ b/modules/roles/files/debconf_wafer/wafertest.debconf.org
@@ -17,6 +17,7 @@ WSGIDaemonProcess wafertest \
 Use common-debian-service-ssl wafertest.debconf.org
 Use common-ssl-HSTS
+ Header always set Referrer-Policy "same-origin"
 Header always set X-Content-Type-Options nosniff
 Header always set X-XSS-Protection "1; mode=block"
 # Header always set Access-Control-Allow-Origin: "*"
-- 
2.20.1
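Review bot: The added `Header always set Referrer-Policy "same-origin"` line has no comment saying why this vhost needs that policy, which matters to anyone who later hardens headers: Django's CSRF middleware does strict Referer checking on HTTPS requests, so a tighter policy such as `no-referrer` would make form submissions fail. That check is CSRF protection rather than the XSS protection named in the subject, so I would put `# Django's CSRF check needs the Referer on same-origin HTTPS requests; do not tighten to no-referrer` directly above the new line. The subject speaks of Django sites in the plural while this patch touches only wafertest.debconf.org, so any other Django vhost that inherits a stricter default presumably needs the same line. The enclosing vhost block starts and ends outside the hunk, so whether a second `Referrer-Policy` header is set elsewhere in it, or in the other `Header` table (without `always`), cannot be checked from here.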