Set Referrer-Policy to origin in web UI and public pages of private toots (#7162)

Fix #7115
Eugen Rochko 2018-04-17 13:51:01 +02:00 committed by GitHub
parent bb58fc003b
commit aab5581c43
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 11 additions and 0 deletions


@ -2,6 +2,7 @@
class HomeController < ApplicationController class HomeController < ApplicationController
before_action :authenticate_user! before_action :authenticate_user!
before_action :set_referrer_policy_header
before_action :set_initial_state_json before_action :set_initial_state_json
def index def index
@ -62,4 +63,8 @@ class HomeController < ApplicationController
about_path about_path
end end
end end
def set_referrer_policy_header
response.headers['Referrer-Policy'] = 'origin'
end
end end
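Review bot: The `'origin'` value set in `set_referrer_policy_header` strips the path but still sends the instance's origin on every outbound navigation, including HTTPS-to-HTTP downgrades, so the instance hostname is disclosed to plaintext destinations. `'strict-origin'` keeps the same path stripping and withholds the header on downgrade: `response.headers['Referrer-Policy'] = 'strict-origin'`. The same literal is set in the StatusesController section further down this page, so the two should change together or move into one shared helper. The method also has no comment saying what it protects; something like `# Keep web UI paths out of the Referer header sent to linked sites` would record the intent.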


@ -13,6 +13,7 @@ class StatusesController < ApplicationController
before_action :set_link_headers before_action :set_link_headers
before_action :check_account_suspension before_action :check_account_suspension
before_action :redirect_to_original, only: [:show] before_action :redirect_to_original, only: [:show]
before_action :set_referrer_policy_header, only: [:show]
before_action :set_cache_headers before_action :set_cache_headers
def show def show
@ -81,4 +82,9 @@ class StatusesController < ApplicationController
def redirect_to_original def redirect_to_original
redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog? redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog?
end end
def set_referrer_policy_header
return if @status.public_visibility? || @status.unlisted_visibility?
response.headers['Referrer-Policy'] = 'origin'
end
end end
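Review bot: The early return in `set_referrer_policy_header` has no comment explaining why public and unlisted statuses are exempt, so a later cleanup could change which status pages expose their full URL in the Referer header. A one-line comment such as `# Restrict the referrer only for statuses that are neither public nor unlisted` would pin the intent. The guard's shape is deny-by-default, since any visibility other than the two named gets the header, and that direction is worth keeping. The callback is limited to `only: [:show]`, and it reads `@status`, which must be assigned by an earlier callback outside this section. Whether other actions in this controller render pages for the same statuses is not visible here and is worth confirming.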