Skip to content

Use the correct referrer-policy to remove the referrer #61

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
wants to merge 1 commit into from
Closed

Use the correct referrer-policy to remove the referrer #61

wants to merge 1 commit into from

Conversation

fmarier
Copy link

@fmarier fmarier commented Mar 22, 2021

same-origin will send the full referrer information when following links within the Matomo instance, but nothing when following a link to another website.

https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin

@fmarier
Use the correct referrer-policy to remove the referrer
9a4b9a1 
`same-origin` will send the full referrer information when following links within the Matomo instance, but nothing when following a link to another website.

https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin
@Findus23
Copy link
Collaborator

I'm not really sure if this even needed anymore as Matomo now always sends a header (matomo-org/matomo#15673).

Then again which referrer-policy is the best depends totally on the usecase.

@fmarier
Copy link
Author

fmarier commented Mar 23, 2021

Then again which referrer-policy is the best depends totally on the usecase.

Sure. My PR is about making the referrer policy match the comment next to it. Right now the comment is not accurate.

@Findus23 Findus23 mentioned this pull request Mar 23, 2021
Merged
10 tasks
@Findus23
Copy link
Collaborator

You are indeed right, it seems like I mixed this up.

I still think it is better to now solve this completly in Matomo (matomo-org/matomo#17382), remove the line from the config and if someone wants to have another policy they can simply adapt their server config.

@etec-masterofsynapse etec-masterofsynapse mentioned this pull request Aug 6, 2022
Open
@andreas-bruckmeier
Copy link

I agree with @Findus23 that the line should be removed from the nginx config.
In matomo-org/matomo#14766 and matomo-org/matomo#15673 the ability to switch between "same-origin" and "no-referrer-when-downgrade" has been introduced which is needed by the overlay plugin to work. When we set a fixed header in nginx, the plugin does not work.

@fmarier fmarier closed this Jun 25, 2025
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers
No reviews
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@fmarier @Findus23 @andreas-bruckmeier