const classafSleepSafe::ReferrerPolicyGuard
sys::Obj afSleepSafe::ReferrerPolicyGuard : afSleepSafe::Guard
Guards against internal URL leakage by setting a Referrer-Policy
HTTP response header that tells browsers how and when to transmit the HTTP Referer (sic) header.
Referrer-Policy: same-origin
See Referrer-Policy on MDN for details.
IoC Configuration
afIocConfig Key | Value |
---|---|
| Defines when the referrer header should be sent. |
Defaults to no-referrer, strict-origin-when-cross-origin
which disables referrers for browsers that don't support strict-origin-when-cross-origin
. See Web Security Guidelines for details.
Example:
@Contribute { serviceType=ApplicationDefaults# } Void contributeAppDefaults(Configuration config) { config["afSleepSafe.referrerPolicy"] = "no-referrer" }
To disable, remove this class from the SleepSafeMiddleware
configuration:
@Contribute { serviceType=SleepSafeMiddleware# } Void contributeSleepSafeMiddleware(Configuration config) { config.remove(ReferrerPolicyGuard#) }