FIX: remove duplicate referrer policy

Rails already ships with strict-origin-when-cross-origin, no need
to also add no-referrer-when-downgrade

see: https://meta.discourse.org/t/harden-referrer-policy-header/100172
This commit is contained in:
Sam Saffron 2018-10-24 08:38:39 +11:00
parent 0b4edfc7d6
commit 64aca0dc1b
1 changed files with 0 additions and 1 deletions

View File

@ -261,7 +261,6 @@ server {
} }
location @discourse { location @discourse {
add_header Referrer-Policy 'no-referrer-when-downgrade';
proxy_set_header Host $http_host; proxy_set_header Host $http_host;
proxy_set_header X-Request-Start "t=${msec}"; proxy_set_header X-Request-Start "t=${msec}";
proxy_set_header X-Real-IP $remote_addr; proxy_set_header X-Real-IP $remote_addr;