require 'rack/protection'
module Rack
  module Protection
    ##
    # Prevented attack::   Secret leakage, third party tracking
    # Supported browsers:: mixed support
    # More info::          https://www.w3.org/TR/referrer-policy/
    #                      https://caniuse.com/#search=referrer-policy
    #
    # Adds a Referrer-Policy response header so the browser limits what it
    # places in the Referer request header. URLs can carry secrets (reset
    # tokens, session identifiers, internal paths), and an unrestricted
    # Referer hands them to whichever third party the page links to or loads
    # resources from.
    #
    # Options:
    # referrer_policy:: Policy value to send (default: 'strict-origin-when-cross-origin')
    #
    # The configured value is sent as-is; nothing here checks it against the
    # policy tokens defined by the specification, so a typo in the option is
    # passed straight to the browser.
    class ReferrerPolicy < Base
      default_options referrer_policy: 'strict-origin-when-cross-origin'

      # Runs the wrapped app, then fills in Referrer-Policy on its response.
      #
      # A value already set by the app is kept, so a single endpoint can
      # choose a stricter (or looser) policy than the middleware default.
      #
      # NOTE(review): the lookup uses this exact key spelling; whether a
      # differently-cased 'referrer-policy' set by the app is seen depends on
      # the headers object the app returns -- confirm for the Rack version in
      # use, otherwise two conflicting headers could be emitted.
      def call(env)
        code, response_headers, payload = @app.call(env)
        unless response_headers['Referrer-Policy']
          response_headers['Referrer-Policy'] = options[:referrer_policy]
        end
        [code, response_headers, payload]
      end
    end
  end
end