-
-
Notifications
You must be signed in to change notification settings - Fork 4k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Set Referrer-Policy also in addSecurityHeaders() #12689
Labels
Milestone
Comments
GitMate.io thinks possibly related issues are #12513 (False Referrer-Policy warning after upgrade to Nextcloud 15), #11766 (Allow "same-origin" as "Referrer-Policy"), #9122 (Add setupcheck for Referrer-Policy header), #11195 (Missing Referrer-Policy Header in Docker Image), and #11950 (Allow "same-origin" as "Referrer-Policy" (Backport to stable14)). |
peterkraume
added a commit
to peterkraume/server
that referenced
this issue
Nov 27, 2018
peterkraume
added a commit
to peterkraume/server
that referenced
this issue
Nov 27, 2018
Fix: nextcloud#12689 Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
backportbot-nextcloud bot
pushed a commit
that referenced
this issue
Nov 29, 2018
Fix: #12689 Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
backportbot-nextcloud bot
pushed a commit
that referenced
this issue
Nov 29, 2018
Fix: #12689 Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Expected behaviour
If setting of headers in .htaccess is not possible, the security headers are set in
lib/private/legacy/response.php
=>addSecurityHeaders()
Actual behaviour
The header
Referrer-Policy "no-referrer"
is only set in.htaccess
Server configuration
Operating system: Linux 3.18.114-pvops-xen-x64
Web server: Apache 2.4.35 with FastCGI activated
Database: MySQL 5.6.19
PHP version: 7.2.11
Nextcloud version: 15.0.0.7 (but the problem applies to 14.x as well)
Updated from an older Nextcloud/ownCloud or fresh install: updated
Where did you install Nextcloud from: 14.0.4
Client configuration
Browser: Chrome 70.0.3538.102
Operating system: macOS 10.13.6
The text was updated successfully, but these errors were encountered: