set Referrer-Policy: same-origin for more privacy

author: Martin Fischer <martin@push-f.com> 2022-07-30 09:15:45 +0200
committer: Martin Fischer <martin@push-f.com> 2022-07-30 09:15:45 +0200
commit: 3dc92796c8674b9e8a1370797723ef1c327085b6 (patch)
tree: aa0842c52420c07fea56c4c2a20bed2ce6d67a87 /src/main.rs
parent: e9532cfbf9b125db3e0d501da1b2d678713b55bb (diff)
1 files changed, 4 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 73de77d..8005892 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -240,6 +240,10 @@ async fn service<C: Controller>(
             .parse()
             .unwrap()
         });
+
+    // don't leak the hostname of the GitPad instance when following external links
+    resp.headers_mut()
+        .insert(header::REFERRER_POLICY, "same-origin".parse().unwrap());
     resp
 }
author	Martin Fischer <martin@push-f.com>	2022-07-30 09:15:45 +0200
committer	Martin Fischer <martin@push-f.com>	2022-07-30 09:15:45 +0200
commit	3dc92796c8674b9e8a1370797723ef1c327085b6 (patch)
tree	aa0842c52420c07fea56c4c2a20bed2ce6d67a87 /src/main.rs
parent	e9532cfbf9b125db3e0d501da1b2d678713b55bb (diff)