heckyel/mediagoblin
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add a no_referrer setting to prevent browsers leaking information.

Browse Source
This commit is contained in:
Duncan 2015-08-02 06:51:27 +03:00 committed by Berker Peksag
parent 750ddf32b5
commit f0a4c3475f
2 changed files with 6 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
mediagoblin/config_spec.ini
View File

@ -86,6 +86,9 @@ allow_attachments = boolean(default=False)
# Cookie stuff # Cookie stuff
csrf_cookie_name = string(default='mediagoblin_csrftoken') csrf_cookie_name = string(default='mediagoblin_csrftoken')
# Set to true to prevent browsers leaking information through Referrers
no_referrer = boolean(default=True)
# Push stuff # Push stuff
push_urls = string_list(default=list()) push_urls = string_list(default=list())

3
mediagoblin/templates/mediagoblin/base.html
View File

@ -27,6 +27,9 @@
<head> <head>
<meta charset="utf-8"> <meta charset="utf-8">
<meta name="viewport" content="width=device-width, initial-scale=1.0"> <meta name="viewport" content="width=device-width, initial-scale=1.0">
{% if app_config['no_referrer'] -%}
<meta name="referrer" content="no-referrer">
{%- endif %}
<meta http-equiv="X-UA-Compatible" content="IE=Edge"> <meta http-equiv="X-UA-Compatible" content="IE=Edge">
<title>{% block title %}{{ app_config['html_title'] }}{% endblock %}</title> <title>{% block title %}{{ app_config['html_title'] }}{% endblock %}</title>
<link rel="stylesheet" type="text/css" <link rel="stylesheet" type="text/css"