Open up the referrer policy #421
Conversation
|
@gregsadetsky A weird thing I've been seeing on PRs is that I don't have the power to tag someone as a reviewer or assign it to myself 🤔 Not sure if this is a repo permission thing and it's really not that big of a deal but thought I'd share |
|
Ah interesting! I feel that maybe because I'm the owner I can do this but yeah. No worries. I get pinged on new PRs and look them over. |
|
Also, looking this over - I'm not seeing in the docs that the policy can be multiple values..? Could you point me to where you're seeing that? And also if you wouldn't mind explaining why use all three policies..? I'm not sure I understand how they'd interact with one another. ie why not just use strict-origin ? Cheers! Thanks again for looking into this |
|
@gregsadetsky Here's the part of the docs that explain it: https://docs.djangoproject.com/en/4.1/ref/middleware/#referrer-policy Attaching a screenshot since I'm on my phone |
|
Also the reason for using the 3 policies are fallbacks! Not all browsers/versions of browser support all policies, so I defined 3 with the last one being an older policy to ensure it has support |
|
If you're not too concerned with making sure this works for every browser I'm sure only choosing one would be fine for like 98% of cases |
|
Ahh that makes a ton of sense. And I'm on my phone too so I didn't see the docs on the multiple values ha This is great! Thanks a ton. And I also really do appreciate the comment in the code - leaving that context is really great. |
Closes #417