Always send a referrer-policy header (#15673)

author: Søren Birkemeyer <polarbirke@gmx.de> 2020-03-11 19:09:34 +0300
committer: GitHub <noreply@github.com> 2020-03-11 19:09:34 +0300
commit: 59bc435210cfed6f3cd36ca27db8c5722d5b1a96 (patch)
tree: 163cd921d23ec3502f9118498291564127c03db3
parent: 92232cd78ee9b8ffb92c422dc28083caeebfed4b (diff)
1 files changed, 3 insertions, 0 deletions
diff --git a/core/View.php b/core/View.php
index 1424736fc4..fba7366e4c 100644
--- a/core/View.php
+++ b/core/View.php
@@ -287,6 +287,9 @@ class View implements ViewInterface
         // don't send Referer-Header for outgoing links
         if (!empty($this->useStrictReferrerPolicy)) {
             Common::sendHeader('Referrer-Policy: same-origin');
+        } else {
+            // always send explicit default header
+            Common::sendHeader('Referrer-Policy: no-referrer-when-downgrade');
         }
 
         return $this->renderTwigTemplate();
author	Søren Birkemeyer <polarbirke@gmx.de>	2020-03-11 19:09:34 +0300
committer	GitHub <noreply@github.com>	2020-03-11 19:09:34 +0300
commit	59bc435210cfed6f3cd36ca27db8c5722d5b1a96 (patch)
tree	163cd921d23ec3502f9118498291564127c03db3
parent	92232cd78ee9b8ffb92c422dc28083caeebfed4b (diff)