remove referrer by default

The referrer CSP is supported by chrome and firefox 38+.

Suppressing the referrer increases the users privacy and the image proxy isn't
any longer required to cloak the referrer on websites which are using hotlinking
protection based on referrers.
This commit is contained in:
Mathias Kresin 2015-05-16 09:35:50 +02:00
parent ea8958a4bf
commit 94cf154691

View File

@ -50,6 +50,7 @@ Router\before(function($action) {
'media-src' => '*',
'img-src' => '*',
'frame-src' => Model\Config\get_iframe_whitelist(),
'referrer' => 'no-referrer',
));
Response\xframe();