Open fmarier opened 3 years ago
I'm not really sure if this is even needed anymore as Matomo now always sends a header (https://github.com/matomo-org/matomo/pull/15673).
Then again which referrer-policy is the best depends totally on the use case.
Sure. My PR is about making the referrer policy match the comment next to it. Right now the comment is not accurate.
You are indeed right, it seems like I mixed this up.
I still think it is better to now solve this completely in Matomo (https://github.com/matomo-org/matomo/pull/17382), remove the line from the config and if someone wants to have another policy they can simply adapt their server config.
I agree with @Findus23 that the line should be removed from the nginx config. In https://github.com/matomo-org/matomo/pull/14766 and https://github.com/matomo-org/matomo/pull/15673 the ability to switch between "same-origin" and "no-referrer-when-downgrade" has been introduced which is needed by the overlay plugin to work. When we set a fixed header in nginx, the plugin does not work.
same-origin will send the full referrer information when following links within the Matomo instance, but nothing when following a link to another website. https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin
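
The difference between the two policies named in this thread, "same-origin" and "no-referrer-when-downgrade", shown as an added example that is not part of the thread and is not Matomo's or the nginx config's code. It is a simplified reading of the W3C Referrer Policy rules; the function names and the `matomo.example` / `shop.example` hosts are assumptions made up for illustration, and "potentially trustworthy" is reduced to "uses https".

```javascript
// Added example: referrer computation for the two policies named in this thread.
// Simplified from the W3C Referrer Policy spec; hostnames are constructed samples.

// Strip the parts that are never sent in a referrer: credentials and fragment.
function stripForReferrer(url) {
  const u = new URL(url);
  if (!["http:", "https:"].includes(u.protocol)) return null; // local schemes send nothing
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

// Assumption: only https counts as "potentially trustworthy" here
// (the spec also treats localhost and a few other cases as trustworthy).
function isTrustworthy(url) {
  return new URL(url).protocol === "https:";
}

// Returns the Referer value the browser would send, or null for "no referrer".
function referrerFor(policy, fromUrl, toUrl) {
  const full = stripForReferrer(fromUrl);
  if (full === null) return null;
  switch (policy) {
    case "same-origin":
      // Full URL inside the same origin, nothing to any other origin.
      return new URL(fromUrl).origin === new URL(toUrl).origin ? full : null;
    case "no-referrer-when-downgrade":
      // Full URL everywhere except when going from https to plain http.
      return isTrustworthy(fromUrl) && !isTrustworthy(toUrl) ? null : full;
    default:
      throw new Error(`policy not covered by this example: ${policy}`);
  }
}

// Constructed sample: a report URL inside a Matomo instance, with a fragment.
const page = "https://matomo.example/index.php?module=CoreHome&idSite=1#top";
const targets = [
  "https://matomo.example/index.php?module=Overlay",
  "https://shop.example/",
  "http://shop.example/",
];
for (const policy of ["same-origin", "no-referrer-when-downgrade"]) {
  for (const to of targets) {
    console.log(policy, "->", to, ":", referrerFor(policy, page, to));
  }
}
```

Under "no-referrer-when-downgrade" the full report URL, query string included, reaches any other https site that is linked to, which is the exposure "same-origin" removes.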