Add Rack::Protection::ReferrerPolicy #1291
Hi everyone. I decided to implement the Referrer-Policy header for rack-protection. It's a really simple header with just a string value, more information:
I considered making it enabled by default, since it has low risk of breaking the web, but I want your opinion first.
Worth noting is that the default value I picked, "strict-origin-when-cross-origin", does not work in Chrome at the moment. I picked it as it will be the most sensible default in the future, especially if this is enabled by default. See this bug: https://bugs.chromium.org/p/chromium/issues/detail?id=627968
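An added example, not the code from this pull request: a minimal Rack-style middleware that sets `Referrer-Policy`, validates the policy tokens, and accepts a comma-separated fallback list, since a browser applies the last token it recognises and skips unknown ones. The class name `ReferrerPolicyHeader`, its `policy:` option and the `effective_for` helper are hypothetical names chosen for illustration.

```ruby
# Added illustration; ReferrerPolicyHeader is a hypothetical name, not rack-protection's class.
class ReferrerPolicyHeader
  # Policy tokens defined by the W3C Referrer Policy specification.
  VALID = %w[
    no-referrer no-referrer-when-downgrade same-origin origin
    strict-origin origin-when-cross-origin strict-origin-when-cross-origin
    unsafe-url
  ].freeze

  DEFAULT = 'strict-origin-when-cross-origin'

  # policy: one token, or a comma-separated fallback list (older value first).
  def initialize(app, policy: DEFAULT)
    @app = app
    @value = self.class.normalize(policy)
  end

  # Reject typos at boot time: a browser silently ignores an unknown token,
  # so a misspelt policy would otherwise fail open to the browser default.
  def self.normalize(policy)
    tokens = policy.to_s.split(',').map { |t| t.strip.downcase }.reject(&:empty?)
    raise ArgumentError, 'empty Referrer-Policy' if tokens.empty?
    bad = tokens - VALID
    raise ArgumentError, "unknown policy token(s): #{bad.join(', ')}" unless bad.empty?
    tokens.join(', ')
  end

  # Token applied by a browser that recognises only `supported`:
  # the last recognised token in the header wins.
  def self.effective_for(header_value, supported)
    header_value.split(',').map(&:strip).reverse.find { |t| supported.include?(t) }
  end

  def call(env)
    status, headers, body = @app.call(env)
    # Keep a policy the application already set, whatever the header casing.
    unless headers.keys.any? { |k| k.to_s.casecmp?('referrer-policy') }
      headers['Referrer-Policy'] = @value
    end
    [status, headers, body]
  end
end
```
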
@stefansundin Thanks for creating this.
The Chrome issue you linked to has since been marked fixed.
Does that fact change any of your earlier assessment of the mergeability of this change?
I think the note was talking about renaming something internally. But we can still wait.