Mercurial > prosody-modules
comparison mod_http_oauth2/mod_http_oauth2.lua @ 5479:30e2722c9fa3
mod_http_oauth2: Disable Referrer via header
Prevents the various parameters from potentially ending up in logs, as
well as reduces the size of requests.
| author | Kim Alvefur <zash@zash.se> |
|---|---|
| date | Thu, 18 May 2023 14:47:54 +0200 |
| parents | af105c7a24b2 |
| children | 5108f63e762b |
comparison
equal
deleted
inserted
replaced
| 5478:af105c7a24b2 | 5479:30e2722c9fa3 |
|---|---|
| 59 local resp = { | 59 local resp = { |
| 60 status_code = data.error and data.error.code or 200; | 60 status_code = data.error and data.error.code or 200; |
| 61 headers = { | 61 headers = { |
| 62 ["Content-Type"] = "text/html; charset=utf-8"; | 62 ["Content-Type"] = "text/html; charset=utf-8"; |
| 63 ["Content-Security-Policy"] = "default-src 'self'"; | 63 ["Content-Security-Policy"] = "default-src 'self'"; |
| 64 ["Referrer-Policy"] = "no-referrer"; | |
| 64 ["X-Frame-Options"] = "DENY"; | 65 ["X-Frame-Options"] = "DENY"; |
| 65 ["Cache-Control"] = (sensitive and "no-store" or "no-cache")..", private"; | 66 ["Cache-Control"] = (sensitive and "no-store" or "no-cache")..", private"; |
| 66 }; | 67 }; |
| 67 body = _render_html(template, data); | 68 body = _render_html(template, data); |
| 68 }; | 69 }; |