From ac92b209a203f5a40ea2b15c96e44ad3e0b82e8e Mon Sep 17 00:00:00 2001
From: Daniel Aleksandersen
Date: Thu, 25 Oct 2018 02:56:11 +0200
Subject: [PATCH] Bug 1370855 - Restrict Referer to same-origin
---
 Bugzilla/CGI.pm | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/Bugzilla/CGI.pm b/Bugzilla/CGI.pm
index 4be384b67..af96ad85d 100644
--- a/Bugzilla/CGI.pm
+++ b/Bugzilla/CGI.pm
@@ -561,6 +561,10 @@ sub header {
 # the MIME type away from the declared Content-Type.
 $headers{'-x_content_type_options'} = 'nosniff';
 
+ # Add Referrer-Policy (sic) header to prevent browsers sending
+ # Referer (sic) headers to external websites.
+ $headers{'-referrer_policy'} = 'same-origin';
+
 Bugzilla::Hook::process('cgi_headers',
 { cgi => $self, headers => \%headers }
 );
-- 
2.47.3
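Review bot: The comment above `$headers{'-referrer_policy'}` names the header but not what `same-origin` does, nor that the value is only a default: it is assigned just before the `cgi_headers` hook, which receives `\%headers`, so an extension can presumably still replace it. I would reword it as `# Referrer-Policy: same-origin keeps the Referer on same-origin requests and omits it cross-origin,` followed by `# so bug URLs and query strings are not disclosed to linked sites; the cgi_headers hook may override this.` Like the nosniff line above it, the assignment is unconditional, so if callers can pass their own `-referrer_policy` into `header` (not visible here) it would be silently overwritten; `$headers{'-referrer_policy'} //= 'same-origin';` would keep a caller's value if that is wanted. `sub header` starts and ends outside this hunk.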