From ac056d17af5025a57d23be263a454f8501765558 Mon Sep 17 00:00:00 2001
From: vin01 <30344579+vin01@users.noreply.github.com>
Date: Sat, 6 Jan 2018 14:05:20 +0530
Subject: [PATCH] Adding referrer policy security header

It will set a default strict `Referrer-Policy ``strict-origin-when-cross-origin`` that controls what referrer information shall be included with requests. More: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy, https://scotthelme.co.uk/a-new-security-header-referrer-policy/ It can prevent issues like: https://robots.thoughtbot.com/is-your-site-leaking-password-reset-links
---
 revel/skeleton/app/init.go | 1 +
 1 file changed, 1 insertion(+)

diff --git a/revel/skeleton/app/init.go b/revel/skeleton/app/init.go
index b4e614f..69540e8 100644
--- a/revel/skeleton/app/init.go
+++ b/revel/skeleton/app/init.go
@@ -44,6 +44,7 @@ var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
 c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
 c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
 c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
+ c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")
 fc[0](c, fc[1:]) // Execute the next filter stage.
 }
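Review bot: The added `Referrer-Policy` line carries no comment explaining why this value was chosen; the reasoning lives only in the commit message, and since this file appears to be a project skeleton that gets copied into new applications, that message will not be visible to the people who inherit the line. A one-line why-comment above it would help, e.g. `// Send only the origin on cross-origin requests so URL paths and query strings (e.g. password-reset tokens) are not leaked to third parties.` Separately, like the three lines above it, the header is written with `Header().Add`, which appends a second value if anything earlier in the filter chain has already set `Referrer-Policy`; if that can happen in this setup, `Set` would give one unambiguous value. The value is also hard-coded, which is reasonable for a skeleton default but worth revisiting if the other security headers are ever made configurable. `HeaderFilter` begins outside the hunk; its closing brace is the hunk's last line.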