From aab5581c436c306e08df2668c530aab1cf526f20 Mon Sep 17 00:00:00 2001
From: Eugen Rochko <eugen@zeonfederated.com>
Date: Tue, 17 Apr 2018 13:51:01 +0200
Subject: Set Referrer-Policy to origin in web UI and public pages of private
 toots (#7162)

Fix #7115
---
 app/controllers/home_controller.rb | 5 +++++
 1 file changed, 5 insertions(+)

(limited to 'app/controllers/home_controller.rb')

diff --git a/app/controllers/home_controller.rb b/app/controllers/home_controller.rb
index b1f8f1ad9..b71424107 100644
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@@ -2,6 +2,7 @@
 
 class HomeController < ApplicationController
   before_action :authenticate_user!
+  before_action :set_referrer_policy_header
   before_action :set_initial_state_json
 
   def index
@@ -62,4 +63,8 @@ class HomeController < ApplicationController
       about_path
     end
   end
+
+  def set_referrer_policy_header
+    response.headers['Referrer-Policy'] = 'origin'
+  end
 end
-- 
cgit