Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72159

Ability to disable/configure the Referrer-Policy flag in security headers

    XMLWordPrintable

Details

    • Suggestion
    • Resolution: Unresolved
    • None
    • Tomcat
    • None
    • 2
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

    Description

      Customer would like to change the Referrer-Policy header to "strict-origin", so It doesn't make data leakage and never share the full URL, even for same-origin requests. However Referrer-Policy: strict-origin-when-cross-origin header is hardcoded in our sources, so there is no way to disable or configure it at application level.

       

      Attachments

        Activity

          People

            Unassigned Unassigned
            c0365eb4a5cb Neel
            Votes:
            4 Vote for this issue
            Watchers:
            3 Start watching this issue

            Dates

              Created:
              Updated: