-rw-r--r--app/controllers/concerns/web_app_controller_concern.rb5
-rw-r--r--config/environments/production.rb1
2 files changed, 1 insertions, 5 deletions
diff --git a/app/controllers/concerns/web_app_controller_concern.rb b/app/controllers/concerns/web_app_controller_concern.rb
index cbd522246..f28786f63 100644
--- a/app/controllers/concerns/web_app_controller_concern.rb
+++ b/app/controllers/concerns/web_app_controller_concern.rb
@@ -6,17 +6,12 @@ module WebAppControllerConcern
   included do
     prepend_before_action :redirect_unauthenticated_to_permalinks!
     before_action :set_app_body_class
-    before_action :set_referrer_policy_header
   end
 
   def set_app_body_class
     @body_classes = 'app-body'
   end
 
-  def set_referrer_policy_header
-    response.headers['Referrer-Policy'] = 'origin'
-  end
-
   def redirect_unauthenticated_to_permalinks!
     return if user_signed_in? && current_account.moved_to_account_id.nil?
 
diff --git a/config/environments/production.rb b/config/environments/production.rb
index 5ea9ea9ba..abb46bd16 100644
--- a/config/environments/production.rb
+++ b/config/environments/production.rb
@@ -138,6 +138,7 @@ Rails.application.configure do
     'X-Content-Type-Options' => 'nosniff',
     'X-XSS-Protection'       => '0',
     'Permissions-Policy'     => 'interest-cohort=()',
+    'Referrer-Policy'        => 'no-referrer',
   }
 
   config.x.otp_secret = ENV.fetch('OTP_SECRET')
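Review bot: The new `'Referrer-Policy' => 'no-referrer'` entry exists only in config/environments/production.rb, whereas the removed `set_referrer_policy_header` callback ran in every environment. Development and test therefore no longer exercise this header, and a later regression (for example the key being dropped from this hash) would not be caught by the suite; a request spec asserting the response header, or moving the value into shared configuration, would close that gap. Note also that `no-referrer` suppresses the Referer on same-origin navigations too, so any code that reads `request.referer` (such as `redirect_back`) will presumably always take its fallback path in production. If that is intended, I would document it next to the entry, e.g. `# no-referrer: never disclose the originating URL to any destination, same-origin included`. The enclosing hash and `configure` block start and end outside this hunk, so I cannot confirm from here which setting the hash is assigned to.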