FIX: remove duplicate referrer policy
Rails already ships with strict-origin-when-cross-origin, no need to also add no-referrer-when-downgrade see: https://meta.discourse.org/t/harden-referrer-policy-header/100172
This commit is contained in:
parent
0b4edfc7d6
commit
64aca0dc1b
|
@ -261,7 +261,6 @@ server {
|
||||||
}
|
}
|
||||||
|
|
||||||
location @discourse {
|
location @discourse {
|
||||||
add_header Referrer-Policy 'no-referrer-when-downgrade';
|
|
||||||
proxy_set_header Host $http_host;
|
proxy_set_header Host $http_host;
|
||||||
proxy_set_header X-Request-Start "t=${msec}";
|
proxy_set_header X-Request-Start "t=${msec}";
|
||||||
proxy_set_header X-Real-IP $remote_addr;
|
proxy_set_header X-Real-IP $remote_addr;
|
||||||
|
|
Loading…
Reference in New Issue