@@ -550,6 +550,7 @@ public function sendHttpHeaders()
550550 . $ captcha_url
551551 . $ GLOBALS ['cfg ' ]['CSPAllow ' ]
552552 . "; "
553+ . "referrer no-referrer; "
553554 . "img-src 'self' data: "
554555 . $ GLOBALS ['cfg ' ]['CSPAllow ' ]
555556 . $ map_tile_urls
@@ -561,6 +562,7 @@ public function sendHttpHeaders()
561562 . $ captcha_url
562563 . $ GLOBALS ['cfg ' ]['CSPAllow ' ] . '; '
563564 . "options inline-script eval-script; "
565+ . "referrer no-referrer; "
564566 . "img-src 'self' data: "
565567 . $ GLOBALS ['cfg ' ]['CSPAllow ' ]
566568 . $ map_tile_urls
@@ -575,6 +577,7 @@ public function sendHttpHeaders()
575577 . $ captcha_url
576578 . $ GLOBALS ['cfg ' ]['CSPAllow ' ]
577579 . " 'unsafe-inline' 'unsafe-eval'; "
580+ . "referrer no-referrer; "
578581 . "style-src 'self' 'unsafe-inline' "
579582 . $ captcha_url
580583 . '; '
@@ -636,6 +639,7 @@ private function _getHtmlStart()
636639 private function _getMetaTags ()
637640 {
638641 $ retval = '<meta charset="utf-8" /> ' ;
642+ $ retval .= '<meta name="referrer" content="none" /> ' ;
639643 $ retval .= '<meta name="robots" content="noindex,nofollow" /> ' ;
640644 $ retval .= '<meta http-equiv="X-UA-Compatible" content="IE=Edge"> ' ;
641645 if (! $ GLOBALS ['cfg ' ]['AllowThirdPartyFraming ' ]) {
0 commit comments