From ee5932a504d69e591aad7bdd52bd97d1f92d4e32 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Mon, 12 Nov 2018 15:14:46 +0000
Subject: http security: allow referrer-policy to be configured

---
 config/config.exs | 3 ++-
 config/config.md  | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

(limited to 'config')

diff --git a/config/config.exs b/config/config.exs
index be9c03ceb..9cc558564 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -180,7 +180,8 @@ config :pleroma, :http_security,
   enabled: true,
   sts: false,
   sts_max_age: 31_536_000,
-  ct_max_age: 2_592_000
+  ct_max_age: 2_592_000,
+  referrer_policy: "same-origin"
 
 config :cors_plug,
   max_age: 86_400,
diff --git a/config/config.md b/config/config.md
index 48af1c236..5b4110646 100644
--- a/config/config.md
+++ b/config/config.md
@@ -86,3 +86,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``sts``: Whether to additionally send a `Strict-Transport-Security` header
 * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
 * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent
+* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`.
-- 
cgit v1.2.3