Fix Refferer Origin policy

[vodolaz095]

@asharma-ror has Chrome on Ubuntu and have this error:

`Failed to set referrer policy: The value 'strict-origin' is not one of 'no-referrer', 'no-referrer-when-downgrade', 'origin', 'origin-when-cross-origin', or 'unsafe-url'. The referrer policy has been left unchanged.`

@vodolaz095 has Firefox on Fedora 24 linux and has origin be wrong argument.

We need to make consensus

Additional info

1. https://scotthelme.co.uk/a-new-security-header-referrer-policy/
2. https://helmetjs.github.io/docs/referrer-policy/

[vodolaz095]

Here is how it is set in code

https://github.com/starlightgroup/flash2/blob/production/app.js#L85

[vodolaz095]

Possibly NGINX config can send bad headers - need to consult with @vladislavtomenko

[vodolaz095]

@sledderGIT found this funny (as he says) table

http://caniuse.com/#feat=referrer-policy

He things ok to use same-origin

[sledderGIT]

It seems that same-origin will not work in chrome as well, so I suggest to use origin

[vodolaz095]

it seems fixed