Django sites rely on Referrer headers for XSS protection
author Paul Wise <pabs@debian.org>
Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)
committer Paul Wise <pabs@debian.org>
Tue, 30 Jan 2018 12:52:44 +0000 (20:52 +0800)
modules/roles/files/debconf_wafer/wafertest.debconf.org

index 946b74c..c43ef8d 100644 (file)
@@ -17,6 +17,7 @@ WSGIDaemonProcess wafertest \
   Use common-debian-service-ssl wafertest.debconf.org
   Use common-ssl-HSTS
 
+  Header always set Referrer-Policy "same-origin"
   Header always set X-Content-Type-Options nosniff
   Header always set X-XSS-Protection "1; mode=block"
 #  Header always set Access-Control-Allow-Origin: "*"
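
Review bot: The added `Header always set Referrer-Policy "same-origin"` line carries no comment, so the reason for choosing `same-origin` is recorded only in the commit subject and not in the vhost file itself. A later cleanup that tightens this to `no-referrer` for privacy would stop the browser from sending the header on same-origin requests, which the commit subject says the Django site depends on. Suggest a one-line comment directly above the directive naming the Django check that needs the header, so the constraint stays visible next to the neighbouring `X-Content-Type-Options` and `X-XSS-Protection` lines.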