andersju / webbkoll

An online tool that checks how a website is doing with regards to privacy
MIT License
266 stars 28 forks

strict-origin gives Referrer Policy warning #13

Closed mikaelnet closed 5 years ago

mikaelnet commented 5 years ago

For some reason a Referrer-Policy of strict-origin gives a warning (worker.ex:305), but gives success for same-origin. Correct me if I'm wrong, but isn't strict-origin safer? I.e. it's the same as same-origin, but will never include it when transitioning from https to http.

I suggest either adding strict-origin to the safe list or switching places of the two, so that same-origin gives a warning and strict-origin gives a success.

mikaelnet commented 5 years ago

Never mind. My mistake. This is correctly implemented.