This is an automated email from the ASF dual-hosted git repository.
sbp pushed a commit to branch sbp
in repository https://gitbox.apache.org/repos/asf/tooling-trusted-releases.git
The following commit(s) were added to refs/heads/sbp by this push:
new 0150111c Remove Referrer-Policy, which is now set in the frontend proxy
0150111c is described below
commit 0150111c06265d809b514e6395ad90b50cde23d1
Author: Sean B. Palmer <[email protected]>
AuthorDate: Wed Mar 11 20:14:10 2026 +0000
Remove Referrer-Policy, which is now set in the frontend proxy
---
atr/server.py | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/atr/server.py b/atr/server.py
index 51a6577b..b31418fd 100644
--- a/atr/server.py
+++ b/atr/server.py
@@ -565,7 +565,7 @@ def _app_setup_security_headers(app: base.QuartApp) -> None:
async def add_security_headers(response: quart.Response) -> quart.Response:
response.headers["Content-Security-Policy"] = csp_header
response.headers["Permissions-Policy"] = permissions_policy
- response.headers["Referrer-Policy"] = "same-origin"
+ # audit_guidance we set Referrer-Policy: same-origin in our frontend
proxy
# audit_guidance we set X-Content-Type-Options: nosniff in our
frontend proxy
# audit_guidance we set X-Frame-Options: DENY in our frontend proxy
response.headers["X-Permitted-Cross-Domain-Policies"] = "none"
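Review bot: After this change `add_security_headers` no longer emits `Referrer-Policy` at all, so any response that does not pass through the frontend proxy (local development, a test client, or a direct connection to the app port) falls back to the browser's default referrer behaviour rather than `same-origin`. The proxy configuration is not visible in this commit, so it cannot be confirmed from here that the proxy sets the header on every response, including error responses. The new comment would be more useful to an auditor if it named where that is configured and stated the dependency, for example `# audit_guidance Referrer-Policy: same-origin is set in our frontend proxy (<PROXY_CONFIG_PATH>); responses served without the proxy will not carry it`. The same applies to the existing X-Content-Type-Options and X-Frame-Options comments below it, and a deployment check that asserts all three headers on a proxied response would catch configuration drift. The enclosing function starts and ends outside the hunk.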