Don't show referrer policy warning if fallback policy set.

Test-Set:

no-referrer-when-downgrade
no-referrer
strict-origin-when-cross-origin
same-origin
no-referrer, strict-origin-when-cross-origin
strict-origin-
unsafe-raw, same-origin
strict-origin-when-downgrade

Signed-off-by: Daniel Kesselberg <mail@danielkesselberg.de>
This commit is contained in:
Daniel Kesselberg 2020-02-26 23:14:38 +01:00
parent deb92dc36b
commit 6eb466776b
No known key found for this signature in database
GPG Key ID: 36E3664E099D0614
1 changed files with 3 additions and 7 deletions


@ -573,12 +573,8 @@
}); });
} }
if (!xhr.getResponseHeader('Referrer-Policy') || const referrerPolicy = xhr.getResponseHeader('Referrer-Policy')
(xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'no-referrer' && if (referrerPolicy === null || !/(no-referrer(-when-downgrade)?|strict-origin(-when-cross-origin)?|same-origin)(,|$)/.test(referrerPolicy)) {
xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'no-referrer-when-downgrade' &&
xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin' &&
xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'strict-origin-when-cross-origin' &&
xhr.getResponseHeader('Referrer-Policy').toLowerCase() !== 'same-origin')) {
messages.push({ messages.push({
msg: t('core', 'The "{header}" HTTP header is not set to "{val1}", "{val2}", "{val3}", "{val4}" or "{val5}". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" href="{link}">W3C Recommendation ↗</a>.', msg: t('core', 'The "{header}" HTTP header is not set to "{val1}", "{val2}", "{val3}", "{val4}" or "{val5}". This can leak referer information. See the <a target="_blank" rel="noreferrer noopener" href="{link}">W3C Recommendation ↗</a>.',
{ {
@ -591,7 +587,7 @@
link: 'https://www.w3.org/TR/referrer-policy/' link: 'https://www.w3.org/TR/referrer-policy/'
}), }),
type: OC.SetupChecks.MESSAGE_TYPE_INFO type: OC.SetupChecks.MESSAGE_TYPE_INFO
}); })
} }
} else { } else {
messages.push({ messages.push({