Changeset 3619:1b4fdf28e548

Timestamp:

12/12/17 14:00:19 (8 years ago)

Author:

franck <carnet.franck.paul@…>

Branch:

default

Message:

Add Referrer-Policy header in admin pages (thanks Nicolas Hoffmann →  https://openweb.eu.org/articles/referrer-policy)

File:

• inc/admin/lib.dc.page.php (modified) (2 diffs)

inc/admin/lib.dc.page.php

@@ -94 +94 @@
           # Content-Type
           $headers['content-type'] = 'Content-Type: text/html; charset=UTF-8';
+
+          # Referrer Policy for admin pages
+          $headers['referrer'] = 'Referrer-Policy: strict-origin';
 
           # Prevents Clickjacking as far as possible
@@ -421 +424 @@
           header('Content-Type: text/html; charset=UTF-8');
 
-          // Prevents Clickjacking as far as possible
+          # Referrer Policy for admin pages
+          header('Referrer-Policy: strict-origin');
+
+          # Prevents Clickjacking as far as possible
           header('X-Frame-Options: SAMEORIGIN'); // FF 3.6.9+ Chrome 4.1+ IE 8+ Safari 4+ Opera 10.5+