Uploaded image for project: 'Jira Data Center'
  1. Jira Data Center
  2. JRASERVER-72159

Ability to disable/configure the Referrer-Policy flag in security headers

XMLWordPrintable

    • Icon: Suggestion Suggestion
    • Resolution: Unresolved
    • None
    • Tomcat
    • None
    • 1
    • 9
    • We collect Jira feedback from various sources, and we evaluate what we've collected when planning our product roadmap. To understand how this piece of feedback will be reviewed, see our Implementation of New Features Policy.

      Customer would like to change the Referrer-Policy header to "strict-origin", so It doesn't make data leakage and never share the full URL, even for same-origin requests. However Referrer-Policy: strict-origin-when-cross-origin header is hardcoded in our sources, so there is no way to disable or configure it at application level.

       

              Unassigned Unassigned
              c0365eb4a5cb Neel
              Votes:
              6 Vote for this issue
              Watchers:
              4 Start watching this issue

                Created:
                Updated: