From ee5932a504d69e591aad7bdd52bd97d1f92d4e32 Mon Sep 17 00:00:00 2001
From: William Pitcock <nenolod@dereferenced.org>
Date: Mon, 12 Nov 2018 15:14:46 +0000
Subject: http security: allow referrer-policy to be configured

---
 lib/pleroma/plugs/http_security_plug.ex | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

(limited to 'lib')

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 8d652a2f3..960c7f6bf 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -15,12 +15,14 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
   end
 
   defp headers do
+    referrer_policy = Config.get([:http_security, :referrer_policy])
+
     [
       {"x-xss-protection", "1; mode=block"},
       {"x-permitted-cross-domain-policies", "none"},
       {"x-frame-options", "DENY"},
       {"x-content-type-options", "nosniff"},
-      {"referrer-policy", "same-origin"},
+      {"referrer-policy", referrer_policy},
       {"x-download-options", "noopen"},
       {"content-security-policy", csp_string() <> ";"}
     ]
-- 
cgit v1.2.3