chore(Apache): Don't send the Referer header for cross-origin requests

Fixes #5252
2021-03-12 17:21:13 -05:00 · 2021-03-12 17:21:13 -05:00 · 22b6b4bb9f
parent 4740042bf9
commit 22b6b4bb9f
1 changed files with 3 additions and 0 deletions
--- a/Apache/SOGo.conf
+++ b/Apache/SOGo.conf
@ -22,6 +22,9 @@ Alias /SOGo/WebServerResources/ \
    </IfModule>
 </Directory>

+# Don't send the Referer header for cross-origin requests
+Header always set Referrer-Policy "same-origin"
+
 ## Uncomment the following to enable proxy-side authentication, you will then
 ## need to set the "SOGoTrustProxyAuthentication" SOGo user default to YES and
 ## adjust the "x-webobjects-remote-user" proxy header in the "Proxy" section