matomo-org / matomo-nginx

Nginx configuration for running Matomo

Use the correct referrer-policy to remove the referrer #61

Open fmarier opened 3 years ago

fmarier commented 3 years ago

same-origin will send the full referrer information when following links within the Matomo instance, but nothing when following a link to another website.

https://w3c.github.io/webappsec-referrer-policy/#referrer-policy-same-origin

Findus23 commented 3 years ago

I'm not really sure if this is even needed anymore as Matomo now always sends a header (https://github.com/matomo-org/matomo/pull/15673).

Then again which referrer-policy is the best depends totally on the use case.

fmarier commented 3 years ago

> Then again which referrer-policy is the best depends totally on the use case.

Sure. My PR is about making the referrer policy match the comment next to it. Right now the comment is not accurate.

Findus23 commented 3 years ago

You are indeed right, it seems like I mixed this up.

I still think it is better to now solve this completely in Matomo (https://github.com/matomo-org/matomo/pull/17382), remove the line from the config and if someone wants to have another policy they can simply adapt their server config.

andreas-bruckmeier commented 1 year ago

I agree with @Findus23 that the line should be removed from the nginx config. In https://github.com/matomo-org/matomo/pull/14766 and https://github.com/matomo-org/matomo/pull/15673 the ability to switch between "same-origin" and "no-referrer-when-downgrade" has been introduced which is needed by the overlay plugin to work. When we set a fixed header in nginx, the plugin does not work.
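
Added example, not part of the thread or of the matomo-nginx repository: a small model of what a browser sends as `Referer` under the two policies named above, `same-origin` and `no-referrer-when-downgrade`, so the difference for links leaving a Matomo instance is visible. The function names and the `matomo.example` / `other.example` URLs are constructed for illustration, and "potentially trustworthy" is simplified to "scheme is https".

```javascript
// Added example: models the Referer value for the two policies in this thread.
// Assumption: "potentially trustworthy" is reduced to the https: scheme.

// Browsers strip credentials and the fragment before sending a referrer.
function stripForReferrer(url) {
  const u = new URL(url);
  u.username = "";
  u.password = "";
  u.hash = "";
  return u.href;
}

function isTrustworthy(url) {
  return new URL(url).protocol === "https:";
}

// Returns the Referer string, or null when no referrer is sent.
function refererFor(policy, fromUrl, toUrl) {
  const from = new URL(fromUrl);
  const to = new URL(toUrl);
  // Only http(s) documents produce a referrer in this model.
  if (!["http:", "https:"].includes(from.protocol)) return null;
  const full = stripForReferrer(fromUrl);
  switch (policy) {
    case "same-origin":
      // Full URL inside the instance, nothing to any other origin.
      return from.origin === to.origin ? full : null;
    case "no-referrer-when-downgrade":
      // Full URL everywhere except when going from https to http.
      return isTrustworthy(fromUrl) && !isTrustworthy(toUrl) ? null : full;
    default:
      throw new Error(`policy not covered by this example: ${policy}`);
  }
}

// Constructed sample URLs (hypothetical hosts).
const DASHBOARD = "https://matomo.example/index.php?module=CoreHome&idSite=1#top";
const TARGETS = [
  "https://matomo.example/index.php?module=Overlay",
  "https://other.example/page",
  "http://other.example/page",
];

for (const policy of ["same-origin", "no-referrer-when-downgrade"]) {
  for (const target of TARGETS) {
    console.log(policy, "->", target, ":", refererFor(policy, DASHBOARD, target));
  }
}
```

Under `no-referrer-when-downgrade` the external HTTPS site receives the full dashboard URL including its query string, while `same-origin` sends it nothing.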