# HG changeset patch # User Kim Alvefur # Date 1684414074 -7200 # Node ID 30e2722c9fa3ce7c321f9947ae3d47828860d487 # Parent af105c7a24b28de839cd049c4a2a1ca8674774f1 mod_http_oauth2: Disable Referrer via header Prevents the various parameters from potentially ending up in logs, as well as reduces the size of requests. diff -r af105c7a24b2 -r 30e2722c9fa3 mod_http_oauth2/mod_http_oauth2.lua --- a/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 14:25:11 2023 +0200 +++ b/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 14:47:54 2023 +0200 @@ -61,6 +61,7 @@ headers = { ["Content-Type"] = "text/html; charset=utf-8"; ["Content-Security-Policy"] = "default-src 'self'"; + ["Referrer-Policy"] = "no-referrer"; ["X-Frame-Options"] = "DENY"; ["Cache-Control"] = (sensitive and "no-store" or "no-cache")..", private"; };