From 39ad6c8d5d3c474b8dad2548729fe96c562c7daf Mon Sep 17 00:00:00 2001
From: Konrad Borowski
Date: Mon, 4 Mar 2019 09:56:04 +0100
Subject: [PATCH] Disable referrers
---
 src/main.rs | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)
diff --git a/src/main.rs b/src/main.rs
index 57952cc..fa7d77f 100644
--- a/src/main.rs
+++ b/src/main.rs
@@ -8,7 +8,7 @@ use actix_diesel::Database;
 use actix_web::error::InternalError;
 use actix_web::fs::{NamedFile, StaticFiles};
 use actix_web::http::header::{
- CONTENT_SECURITY_POLICY, LOCATION, X_FRAME_OPTIONS, X_XSS_PROTECTION,
+ CONTENT_SECURITY_POLICY, LOCATION, REFERRER_POLICY, X_FRAME_OPTIONS, X_XSS_PROTECTION,
 };
 use actix_web::http::{Method, StatusCode};
 use actix_web::middleware::{DefaultHeaders, Logger};
@@ -209,7 +209,8 @@ fn main() -> io::Result<()> {
 ),
 )
 .header(X_FRAME_OPTIONS, "DENY")
- .header(X_XSS_PROTECTION, "1; mode=block"),
+ .header(X_XSS_PROTECTION, "1; mode=block")
+ .header(REFERRER_POLICY, "no-referrer"),
 )
 .resource("/", |r| {
 r.method(Method::GET).with(index);
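Review bot: The added `.header(REFERRER_POLICY, "no-referrer")` line in the second hunk (what appears to be the `DefaultHeaders` builder chain in `main`) has no comment saying what it protects, and `no-referrer` also strips the Referer from same-origin requests, not only cross-origin ones. I would add `// Do not leak page URLs to linked third-party sites via the Referer header.` above the line. If anything outside this hunk relies on a same-origin Referer (for example a Referer-based CSRF check or request logging), `same-origin` would keep that working while still hiding URLs from other origins; nothing visible here shows such a dependency, so this is only something to confirm. `main` continues beyond the hunk, so whether static-file and error responses also pass through this middleware cannot be checked from here.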