Prevent referrer to be send

Uses both CSP and Referrer-Policy Fixes #96
2016-09-03 18:12:24 +02:00
parent b7184b92a3
commit 1a159c973f
9 changed files with 26 additions and 3 deletions
--- a/lib/Configuration.php
+++ b/lib/Configuration.php
@@ -51,7 +51,7 @@ class Configuration
            'languagedefault' => '',
            'urlshortener' => '',
            'icon' => 'identicon',
-            'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:;',
+            'cspheader' => 'default-src \'none\'; manifest-src \'self\'; connect-src *; script-src \'self\'; style-src \'self\'; font-src \'self\'; img-src \'self\' data:; referrer no-referrer;',
            'zerobincompatibility' => false,
        ),
        'expire' => array(