Skip to content

feat(proxy): [OCISDEV-342] set referrer-policy to no-referrer#11722

Merged
LukasHirt merged 1 commit intomasterfrom
feat/no-referrer
Oct 27, 2025
Merged

feat(proxy): [OCISDEV-342] set referrer-policy to no-referrer#11722
LukasHirt merged 1 commit intomasterfrom
feat/no-referrer

Conversation

@LukasHirt
Copy link
Contributor

@LukasHirt LukasHirt commented Oct 7, 2025
edited
Loading

Description

Change the Referrer-Policy from 'strict-origin-when-cross-origin' to 'no-referrer' to enhance user privacy and security.

Previously, the origin was sent on cross-origin requests. This change completely removes the Referrer header from all outgoing requests, preventing any potential leakage of browsing information to third parties. This is a more robust approach to protecting user privacy.

Motivation and Context

Better privacy.

How Has This Been Tested?

  • test environment: macos, chrome
  • test case 1: start the server, open the UI and check that the request includes the correct header

Types of changes

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Breaking change (fix or feature that would cause existing functionality to change)
  • Technical debt
  • Tests only (no source changes)

@LukasHirt LukasHirt requested review from 2403905 and kobergj October 7, 2025 09:21
@LukasHirt LukasHirt self-assigned this Oct 7, 2025
@LukasHirt LukasHirt added the Category:Enhancement Add new functionality label Oct 7, 2025
@LukasHirt LukasHirt enabled auto-merge October 7, 2025 09:28
@LukasHirt
Copy link
Contributor Author

LukasHirt commented Oct 9, 2025

Rebased just to sync it with master. No change pushed.

@LukasHirt
feat(proxy): [OCISDEV-342] set referrer-policy to no-referrer
f0b2693 
Change the Referrer-Policy from 'strict-origin-when-cross-origin'
to 'no-referrer' to enhance user privacy and security.

Previously, the origin was sent on cross-origin requests. This change
completely removes the Referrer header from all outgoing requests,
preventing any potential leakage of browsing information to third parties.
This is a more robust approach to protecting user privacy.
@sonarqubecloud
Copy link

sonarqubecloud bot commented Oct 27, 2025

Quality Gate Passed Quality Gate passed

Issues
0 New issues
0 Accepted issues

Measures
0 Security Hotspots
100.0% Coverage on New Code
0.0% Duplication on New Code

See analysis details on SonarQube Cloud

@LukasHirt LukasHirt merged commit 1f5cbe4 into master Oct 27, 2025
4 checks passed
@LukasHirt LukasHirt deleted the feat/no-referrer branch October 27, 2025 09:18
ownclouders pushed a commit that referenced this pull request Oct 27, 2025
@LukasHirt
Merge pull request #11722 from owncloud/feat/no-referrer
323bf48 
feat(proxy): [OCISDEV-342] set referrer-policy to no-referrer
@PrajwolAmatya PrajwolAmatya mentioned this pull request Feb 2, 2026
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@2403905 2403905 2403905 approved these changes

@kobergj kobergj Awaiting requested review from kobergj

Assignees

@LukasHirt LukasHirt

Labels

Category:Enhancement Add new functionality

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@LukasHirt @2403905