From 5be786659f1d7731827f43bfc18239098f41c634 Mon Sep 17 00:00:00 2001
From: nacho <nacho@ownyourbits.com>
Date: Sun, 16 Sep 2018 09:19:18 -0600
Subject: lamp: add referrer policy for enhanced privacy

---
 changelog.md | 4 +++-
 lamp.sh      | 1 +
 update.sh    | 9 +++++++++
 3 files changed, 13 insertions(+), 1 deletion(-)

diff --git a/changelog.md b/changelog.md
index c24c5353..a787e131 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,7 @@
 
-[v0.59.10](https://github.com/nextcloud/nextcloudpi/commit/e17f56b) (2018-09-04) ncp-web: add hover text for ncp admin header icons
+[v0.59.11](https://github.com/nextcloud/nextcloudpi/commit/701dcd6) (2018-09-16) lamp: add referrer policy for enhanced privacy
+
+[v0.59.10](https://github.com/nextcloud/nextcloudpi/commit/fcbd661) (2018-09-04) ncp-web: add hover text for ncp admin header icons
 
 [v0.59.9 ](https://github.com/nextcloud/nextcloudpi/commit/6a755c3) (2018-09-16) nc-prettyURL: fixes
 
diff --git a/lamp.sh b/lamp.sh
index 4df01510..e828c138 100644
--- a/lamp.sh
+++ b/lamp.sh
@@ -78,6 +78,7 @@ EOF
     cat >> /etc/apache2/apache2.conf <<EOF
 <IfModule mod_headers.c>
   Header always set Strict-Transport-Security "max-age=15768000; includeSubDomains; preload"
+  Header always set Referrer-Policy "no-referrer"
 </IfModule>
 EOF
 
diff --git a/update.sh b/update.sh
index 6bd0cb98..17d2e5d6 100755
--- a/update.sh
+++ b/update.sh
@@ -135,6 +135,15 @@ chmod 770                  /var/www/ncp-web
     apt-get install -y --no-install-recommends php-imagick imagemagick-6-common
   }
 
+  # no-origin policy for enhanced privacy
+  grep -q "Referrer-Policy" /etc/apache2/apache2.conf || {
+    cat >> /etc/apache2/apache2.conf <<EOF
+<IfModule mod_headers.c>
+  Header always set Referrer-Policy "no-referrer"
+</IfModule>
+EOF
+  }
+
 } # end - only live updates
 
 exit 0
-- 
cgit v1.2.3