From 4e95a5fed9b72be95f67484d5631fd9b0a62852d Mon Sep 17 00:00:00 2001
From: jon r <yala@allmende.io>
Date: Mon, 6 May 2019 21:51:30 +0200
Subject: [PATCH] Add Referrer-Policy to nginx.conf

This is needed for newer Nextcloud versions, supposedly from v15 on.

Also see:

- https://help.nextcloud.com/t/solved-referrer-policy-and-content-security-policy-broken-on-nginx-only-setup/49212/9

This is also reported on /settings/admin/overview if not present.
---
 nginx.conf | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/nginx.conf b/nginx.conf
index 3ea6a31..c192d78 100644
--- a/nginx.conf
+++ b/nginx.conf
@@ -20,6 +20,7 @@ http {
     add_header X-Robots-Tag none;
     add_header X-Download-Options noopen;
     add_header X-Permitted-Cross-Domain-Policies none;
+    add_header Referrer-Policy no-referrer;
 
     root /var/www/html;
 
@@ -92,6 +93,7 @@ http {
         add_header X-Robots-Tag none;
         add_header X-Download-Options noopen;
         add_header X-Permitted-Cross-Domain-Policies none;
+        add_header Referrer-Policy no-referrer;
         # Optional: Don't log access to assets
         access_log off;
     }
-- 
GitLab