mod_http_oauth2: Disable Referrer via header
Prevents the various parameters from potentially ending up in logs, as
well as reduces the size of requests.
--- a/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 14:25:11 2023 +0200
+++ b/mod_http_oauth2/mod_http_oauth2.lua Thu May 18 14:47:54 2023 +0200
@@ -61,6 +61,7 @@
headers = {
["Content-Type"] = "text/html; charset=utf-8";
["Content-Security-Policy"] = "default-src 'self'";
+ ["Referrer-Policy"] = "no-referrer";
["X-Frame-Options"] = "DENY";
["Cache-Control"] = (sensitive and "no-store" or "no-cache")..", private";
};