Adding referrer policy security header

It will set a default strict `Referrer-Policy ``strict-origin-when-cross-origin`` that controls what referrer information shall be included with requests. More: https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy, https://scotthelme.co.uk/a-new-security-header-referrer-policy/ It can prevent issues like: https://robots.thoughtbot.com/is-your-site-leaking-password-reset-links
2026-01-11 18:54:31 +00:00 · 2018-01-06 14:05:20 +05:30
parent 29e594435c
commit ac056d17af
1 changed files with 1 additions and 0 deletions
--- a/revel/skeleton/app/init.go
+++ b/revel/skeleton/app/init.go
@@ -44,6 +44,7 @@ var HeaderFilter = func(c *revel.Controller, fc []revel.Filter) {
 	c.Response.Out.Header().Add("X-Frame-Options", "SAMEORIGIN")
 	c.Response.Out.Header().Add("X-XSS-Protection", "1; mode=block")
 	c.Response.Out.Header().Add("X-Content-Type-Options", "nosniff")
+	c.Response.Out.Header().Add("Referrer-Policy", "strict-origin-when-cross-origin")

 	fc[0](c, fc[1:]) // Execute the next filter stage.
 }