Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'.

author: Adam Johnson <me@adamj.eu> 2020-02-05 10:02:35 +0000
committer: Mariusz Felisiak <felisiak.mariusz@gmail.com> 2020-02-05 14:39:01 +0100
commit: 72b97a5b1e22f5d464045be2e33f0436fa8061d3 (patch)
tree: f07339168dd9fd228f9d3eab12046cc545e93b88 /django/conf
parent: 7fa1a93c6c8109010a6ff3f604fda83b604e0e97 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/django/conf/global_settings.py b/django/conf/global_settings.py
index 09c9b95d26..8bb59a4037 100644
--- a/django/conf/global_settings.py
+++ b/django/conf/global_settings.py
@@ -637,6 +637,6 @@ SECURE_HSTS_INCLUDE_SUBDOMAINS = False
 SECURE_HSTS_PRELOAD = False
 SECURE_HSTS_SECONDS = 0
 SECURE_REDIRECT_EXEMPT = []
-SECURE_REFERRER_POLICY = None
+SECURE_REFERRER_POLICY = 'same-origin'
 SECURE_SSL_HOST = None
 SECURE_SSL_REDIRECT = False
author	Adam Johnson <me@adamj.eu>	2020-02-05 10:02:35 +0000
committer	Mariusz Felisiak <felisiak.mariusz@gmail.com>	2020-02-05 14:39:01 +0100
commit	72b97a5b1e22f5d464045be2e33f0436fa8061d3 (patch)
tree	f07339168dd9fd228f9d3eab12046cc545e93b88 /django/conf
parent	7fa1a93c6c8109010a6ff3f604fda83b604e0e97 (diff)