From: Daniel Aleksandersen
Date: Thu, 25 Oct 2018 00:56:11 +0000 (+0200)
Subject: Bug 1370855 - Restrict Referer to same-origin
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac92b209a203f5a40ea2b15c96e44ad3e0b82e8e;p=thirdparty%2Fbugzilla.git

Bug 1370855 - Restrict Referer to same-origin
---

diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 4be384b67..af96ad85d 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -561,6 +561,10 @@ sub header {
 # the MIME type away from the declared Content-Type.
 $headers{'-x_content_type_options'} = 'nosniff';
 
+ # Add Referrer-Policy (sic) header to prevent browsers sending
+ # Referer (sic) headers to external websites.
+ $headers{'-referrer_policy'} = 'same-origin';
+
 Bugzilla::Hook::process('cgi_headers',
 { cgi => $self, headers => \%headers }
 );
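Review bot: The comment above `$headers{'-referrer_policy'} = 'same-origin';` understates what the policy does: `same-origin` makes the browser omit Referer on every cross-origin request, which covers other origins of the same installation (a different scheme, port or host, for example a separate attachment host if one is configured) as well as external websites. I would word it as `# Send Referer only on same-origin requests; every other origin, including our own other hosts, gets none.` and add `# Set before the cgi_headers hook so extensions can still override it.`, since the assignment sits ahead of `Bugzilla::Hook::process('cgi_headers', ...)`. The header is advisory and a browser that does not implement Referrer-Policy ignores it, so it reduces URL leakage but does not guarantee it. Whether any code elsewhere depends on a cross-origin Referer cannot be seen from this hunk and is worth checking before merge. The body of `header` starts and ends outside the hunk.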