-rw-r--r-- | src/main.rs | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/main.rs b/src/main.rs
index 73de77d..8005892 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -240,6 +240,10 @@ async fn service<C: Controller>(
 .parse()
 .unwrap()
 });
+
+ // don't leak the hostname of the GitPad instance when following external links
+ resp.headers_mut()
+ .insert(header::REFERRER_POLICY, "same-origin".parse().unwrap());
 resp
 }
|
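Review bot: The policy is attached only on the path that falls through to the final `resp`, and the body of `service` starts outside this hunk, so any earlier `return` there would send a response without the header. It is worth confirming that every response path reaches this point, since a page served without the policy would still send the instance URL as referrer on external links. The value is a constant, so `.insert(header::REFERRER_POLICY, header::HeaderValue::from_static("same-origin"));` avoids the per-request parse and the `unwrap()`. Because `insert` replaces any existing value, a stricter policy set earlier for a specific response (for example `no-referrer`) would be overwritten here; if that case can occur, guard it with `if !resp.headers().contains_key(header::REFERRER_POLICY)`.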