Prevent referrer to be send

Uses both CSP and Referrer-Policy
Fixes #96
rugk
2016-09-03 18:12:24 +02:00
parent b7184b92a3
commit 1a159c973f
9 changed files with 26 additions and 3 deletions


@@ -1,5 +1,5 @@
; config file for PrivateBin
;
;
; An explanation of each setting can be find online at https://github.com/PrivateBin/PrivateBin/wiki/Configuration.
[main]
@@ -60,7 +60,7 @@ languageselection = false
; custom scripts from third-party domains to your templates, e.g. tracking
; scripts or run your site behind certain DDoS-protection services.
; Check the documentation at https://content-security-policy.com/
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:;"
cspheader = "default-src 'none'; manifest-src 'self'; connect-src *; script-src 'self'; style-src 'self'; font-src 'self'; img-src 'self' data:; referrer no-referrer;"
; stay compatible with PrivateBin Alpha 0.19, less secure
; if enabled will use base64.js version 1.7 instead of 2.1.9 and sha1 instead of