Fix redirect after log-in when `allow_referrer_origin` setting is enabled (#33903)

2 weeks ago · db59f37269
parent 7a50fd8849
commit db59f37269
1 changed files with 1 additions and 1 deletions
--- a/app/controllers/concerns/web_app_controller_concern.rb
+++ b/app/controllers/concerns/web_app_controller_concern.rb
@ -46,6 +46,6 @@ module WebAppControllerConcern
  protected

  def set_referer_header
-    response.set_header('Referrer-Policy', Setting.allow_referrer_origin ? 'origin' : 'same-origin')
+    response.set_header('Referrer-Policy', Setting.allow_referrer_origin ? 'strict-origin-when-cross-origin' : 'same-origin')
  end
 end