From 8bbcb9902e03fac862342efd260336900a3a48f9 Mon Sep 17 00:00:00 2001
From: justcool393 <justcool393@gmail.com>
Date: Sat, 29 Oct 2022 16:50:33 -0500
Subject: [PATCH] HTTP referer: move setting it to nginx from python

---
 files/__main__.py | 1 -
 nginx.conf        | 1 +
 2 files changed, 1 insertion(+), 1 deletion(-)

diff --git a/files/__main__.py b/files/__main__.py
index 0d8cb3600..8a4090b54 100644
--- a/files/__main__.py
+++ b/files/__main__.py
@@ -112,7 +112,6 @@ def before_request():
 def after_request(response):
 	response.headers.add("Strict-Transport-Security", "max-age=31536000")
 	response.headers.add("X-Frame-Options", "deny")
-	response.headers.add("Referrer-Policy", "same-origin")
 	if response.status_code < 400:
 		g.db.commit()
 		g.db.close()
diff --git a/nginx.conf b/nginx.conf
index 026ccccbb..f0cb971ca 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -4,6 +4,7 @@ server {
 	listen      80;
 	listen [::]:80;
 	proxy_set_header Host $http_host;
+	add_header Referrer-Policy sameorigin;
 
 	location / {
 		proxy_pass http://localhost:5000/;