Add 'Referrer-Policy' header to default headers set

author: Guillermo Iguaran <guilleiguaran@gmail.com> 2018-01-08 22:14:22 -0500
committer: Guillermo Iguaran <guilleiguaran@gmail.com> 2018-01-08 22:14:22 -0500
commit: 428939be9f954d39b0c41bc53d85d0d106b9d1a1 (patch)
tree: c3a778b9f587337fee46f5852a162c3f4b649f34 /actionpack/lib/action_dispatch
parent: f17137b0a1903203b09301b8141b5baf54561ef0 (diff)
download: rails-428939be9f954d39b0c41bc53d85d0d106b9d1a1.tar.gz
rails-428939be9f954d39b0c41bc53d85d0d106b9d1a1.tar.bz2
rails-428939be9f954d39b0c41bc53d85d0d106b9d1a1.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/actionpack/lib/action_dispatch/railtie.rb b/actionpack/lib/action_dispatch/railtie.rb
index 95e99987a0..eb6fbca6ba 100644
--- a/actionpack/lib/action_dispatch/railtie.rb
+++ b/actionpack/lib/action_dispatch/railtie.rb
@@ -28,7 +28,8 @@ module ActionDispatch
       "X-XSS-Protection" => "1; mode=block",
       "X-Content-Type-Options" => "nosniff",
       "X-Download-Options" => "noopen",
-      "X-Permitted-Cross-Domain-Policies" => "none"
+      "X-Permitted-Cross-Domain-Policies" => "none",
+      "Referrer-Policy" => "strict-origin-when-cross-origin"
     }
 
     config.action_dispatch.cookies_rotations = ActiveSupport::Messages::RotationConfiguration.new
author	Guillermo Iguaran <guilleiguaran@gmail.com>	2018-01-08 22:14:22 -0500
committer	Guillermo Iguaran <guilleiguaran@gmail.com>	2018-01-08 22:14:22 -0500
commit	428939be9f954d39b0c41bc53d85d0d106b9d1a1 (patch)
tree	c3a778b9f587337fee46f5852a162c3f4b649f34 /actionpack/lib/action_dispatch
parent	f17137b0a1903203b09301b8141b5baf54561ef0 (diff)
download	rails-428939be9f954d39b0c41bc53d85d0d106b9d1a1.tar.gz rails-428939be9f954d39b0c41bc53d85d0d106b9d1a1.tar.bz2 rails-428939be9f954d39b0c41bc53d85d0d106b9d1a1.zip