FEATURE: Add default Referrer Policy in SSL template

author Rafael dos Santos Silva <xfalcox@gmail.com>

Mon, 26 Jun 2017 21:32:39 +0000 (18:32 -0300)

committer Rafael dos Santos Silva <xfalcox@gmail.com>

Mon, 26 Jun 2017 21:32:39 +0000 (18:32 -0300)
author Rafael dos Santos Silva <xfalcox@gmail.com>
Mon, 26 Jun 2017 21:32:39 +0000 (18:32 -0300)
committer Rafael dos Santos Silva <xfalcox@gmail.com>
Mon, 26 Jun 2017 21:32:39 +0000 (18:32 -0300)
diff --git a/templates/web.ssl.template.yml b/templates/web.ssl.template.yml

index 76b600eac024815f2eb8b29a4c5c478a56f00967..d041360caed4d5e64d6e24a5f6ef25925066e303 100644 (file)
--- a/templates/web.ssl.template.yml
+++ b/templates/web.ssl.template.yml
@@ -33,6 +33,7 @@ run:
         gzip on;
  
         add_header Strict-Transport-Security 'max-age=31536000'; # remember the certificate for a year and automatically connect to HTTPS for this domain
+       add_header Referrer-Policy 'no-referrer-when-downgrade';
  
         if ($http_host != $$ENV_DISCOURSE_HOSTNAME) {
            rewrite (.*) https://$$ENV_DISCOURSE_HOSTNAME$1 permanent;
author	Rafael dos Santos Silva <xfalcox@gmail.com>
	Mon, 26 Jun 2017 21:32:39 +0000 (18:32 -0300)
committer	Rafael dos Santos Silva <xfalcox@gmail.com>
	Mon, 26 Jun 2017 21:32:39 +0000 (18:32 -0300)