Set Referrer-Policy to origin in web UI and public pages of private toots (#7162)

Fix #7115
7 years ago · 6e051e9c55
parent 4f460eba18
commit 6e051e9c55
2 changed files with 11 additions and 0 deletions
--- a/app/controllers/home_controller.rb
+++ b/app/controllers/home_controller.rb
@ -2,6 +2,7 @@

 class HomeController < ApplicationController
  before_action :authenticate_user!
+  before_action :set_referrer_policy_header
  before_action :set_initial_state_json

  def index
@ -62,4 +63,8 @@ class HomeController < ApplicationController
      about_path
    end
  end
+
+  def set_referrer_policy_header
+    response.headers['Referrer-Policy'] = 'origin'
+  end
 end
--- a/app/controllers/statuses_controller.rb
+++ b/app/controllers/statuses_controller.rb
@ -13,6 +13,7 @@ class StatusesController < ApplicationController
  before_action :set_link_headers
  before_action :check_account_suspension
  before_action :redirect_to_original, only: [:show]
+  before_action :set_referrer_policy_header, only: [:show]
  before_action :set_cache_headers

  def show
@ -81,4 +82,9 @@ class StatusesController < ApplicationController
  def redirect_to_original
    redirect_to ::TagManager.instance.url_for(@status.reblog) if @status.reblog?
  end
+
+  def set_referrer_policy_header
+    return if @status.public_visibility? || @status.unlisted_visibility?
+    response.headers['Referrer-Policy'] = 'origin'
+  end
 end