Set Referrer-Policy also in addSecurityHeaders() #12689
Labels
Milestone
Comments
|
GitMate.io thinks possibly related issues are #12513 (False Referrer-Policy warning after upgrade to Nextcloud 15), #11766 (Allow "same-origin" as "Referrer-Policy"), #9122 (Add setupcheck for Referrer-Policy header), #11195 (Missing Referrer-Policy Header in Docker Image), and #11950 (Allow "same-origin" as "Referrer-Policy" (Backport to stable14)). |
peterkraume
added a commit
to peterkraume/server
that referenced
this issue
Nov 27, 2018
peterkraume
added a commit
to peterkraume/server
that referenced
this issue
Nov 27, 2018
Fix: nextcloud#12689 Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
backportbot-nextcloud bot
pushed a commit
that referenced
this issue
Nov 29, 2018
Fix: #12689 Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
backportbot-nextcloud bot
pushed a commit
that referenced
this issue
Nov 29, 2018
Fix: #12689 Signed-off-by: Peter Kraume <peter.kraume@gmx.de>
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Steps to reproduce
Expected behaviour
If setting of headers in .htaccess is not possible, the security headers are set in
lib/private/legacy/response.php=>addSecurityHeaders()Actual behaviour
The header
Referrer-Policy "no-referrer"is only set in.htaccessServer configuration
Operating system: Linux 3.18.114-pvops-xen-x64
Web server: Apache 2.4.35 with FastCGI activated
Database: MySQL 5.6.19
PHP version: 7.2.11
Nextcloud version: 15.0.0.7 (but the problem applies to 14.x as well)
Updated from an older Nextcloud/ownCloud or fresh install: updated
Where did you install Nextcloud from: 14.0.4
Client configuration
Browser: Chrome 70.0.3538.102
Operating system: macOS 10.13.6
The text was updated successfully, but these errors were encountered: