@recaptime-dev's working patches + fork for Phorge, a community fork of Phabricator. (Upstream dev and stable branches are at upstream/main and upstream/stable respectively.) hq.recaptime.dev/wiki/Phorge

Add "Referrer-Policy: no-referrer" to standard HTTP headers

Summary:
Ref T4340. Some browsers respect this header and referrers are a plague upon the earth.

Also, upgrade "never" to the more modern value "no-referrer".

Test Plan:
In Safari, Firefox and Chrome, disabled `rel="noreferrer"` on links and generated a normal link to an external site. Then clicked it and checked if a referrer was sent.

- Safari respects meta only, but "no-referrer" is fine.
- Firefox respects both (either the header or meta tag are individually sufficient to stop referrers).
- Chrome respects both (same as Firefox).

Maniphest Tasks: T4340

Differential Revision: https://secure.phabricator.com/D19144

+3 -1
+2
src/aphront/response/AphrontResponse.php
··· 92 92 $headers[] = array('Content-Security-Policy', $csp); 93 93 } 94 94 95 + $headers[] = array('Referrer-Policy', 'no-referrer'); 96 + 95 97 return $headers; 96 98 } 97 99
+1 -1
src/view/page/PhabricatorBarePageView.php
··· 119 119 'meta', 120 120 array( 121 121 'name' => 'referrer', 122 - 'content' => 'never', 122 + 'content' => 'no-referrer', 123 123 )); 124 124 125 125 $response = CelerityAPI::getStaticResourceResponse();
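Review bot: In src/aphront/response/AphrontResponse.php, the added line `$headers[] = array('Referrer-Policy', 'no-referrer');` hard-codes the policy value as a string literal, and this same change writes the same literal into the meta tag in PhabricatorBarePageView.php, so the two can drift apart on a later edit. Consider defining the value once (a class constant, for example) and using it in both places. A one-line comment above the new line would also help, stating that the header is sent on every response and sits after the block that adds Content-Security-Policy on purpose.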
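Review bot: In src/view/page/PhabricatorBarePageView.php, the changed line `'content' => 'no-referrer',` carries no comment explaining why the meta tag stays now that the response also sends a Referrer-Policy header. The test plan records that Safari respects only the meta tag, so a short comment to that effect above the 'meta' array would keep the tag from being removed later as redundant.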