From 72b97a5b1e22f5d464045be2e33f0436fa8061d3 Mon Sep 17 00:00:00 2001 From: Adam Johnson Date: Wed, 5 Feb 2020 10:02:35 +0000 Subject: Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'. --- docs/ref/settings.txt | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) (limited to 'docs/ref') diff --git a/docs/ref/settings.txt b/docs/ref/settings.txt index b4a5bdc48f..8c3f6f2b47 100644 --- a/docs/ref/settings.txt +++ b/docs/ref/settings.txt @@ -2395,12 +2395,16 @@ from URL paths, so patterns shouldn't include them, e.g. .. versionadded:: 3.0 -Default: ``None`` +Default: ``'same-origin'`` If configured, the :class:`~django.middleware.security.SecurityMiddleware` sets the :ref:`referrer-policy` header on all responses that do not already have it to the value provided. +.. versionchanged:: 3.1 + + In older versions, the default value is ``None``. + .. setting:: SECURE_SSL_HOST ``SECURE_SSL_HOST`` -- cgit v1.3