Closed unakriti closed 1 year ago
That shouldn't be the case. But I can see it on my tests too. But only after I press CTRL-F5 on a page which is why it wasn't seen before.
The weird thing is that sites served with the nginx server sends the same values for that header. You can compare the two sets of headers using the network tab from the browser. They're exact.
But only sites served up by OLS causes the browser to throw that error. And only chromium browsers do it. Firefox doesn't show it at all.
So weird.
You are right, I do not see the issue on NGINX sites. I am testing on Brave browser which I guess is Chromium-based.
Not sure whether its a valid solution in this scenario but according to a StackExchange thread, it could be a problem with htaccess config. Details here - https://stackoverflow.com/questions/39943549/error-int-the-failed-to-set-referrer-policy
Kind regards,
The header is set in the vhost file actually, not in .htaccess.
Regardless, it's weird behavior for sure.
I think we figured this out. Grab the latest files from the dev branch. We'll push out a new beta with this fix this weekend.
Thank you.
I just tried V5.1 (downloaded from my WPCD account) and I can see the issue persists. Could I be missing something here?
Kind regards,
Check the set-referrer policy in your existing sites - it probably has a semicolon on the end. Just remove it and restart the lsws server. That should resolve the issue on existing sites. You should not see the issue on new sites.
Thank you. Yes, I moved an old site to a new server and the error persisted. However, when I create a new site things look better - no console errors. Appreciate your help.
Edit: Version used Beta 08
Hi,
I am using the default Security Tweaks for a website on a new OLS server. Screenshot below:
When I view either the frontend or the backend of the newly deployed site, there's this browser console error. Screenshot below:
Failed to set referrer policy: The value 'strict-origin-when-cross-origin, no-referrer, strict-origin-when-cross-origin;' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', 'same-origin', 'strict-origin', 'strict-origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.
Is this expected behaviour?
Thanks,