From 6de28964d7a306a841a27c8a090538fcf563d43a Mon Sep 17 00:00:00 2001
From: spwoodcock <sam.woodcock@protonmail.com>
Date: Sun, 28 Apr 2024 22:39:02 +0100
Subject: [PATCH] fix: make referer policy header less strict in prod (for
 rails)

---
 nginx/options-security.conf | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/nginx/options-security.conf b/nginx/options-security.conf
index 7b62ca3..d64299e 100644
--- a/nginx/options-security.conf
+++ b/nginx/options-security.conf
@@ -1,4 +1,4 @@
-add_header Referrer-Policy                   "no-referrer"       always;
+add_header Referrer-Policy                   "same-origin"       always;
 add_header X-Content-Type-Options            "nosniff"           always;
 add_header X-Frame-Options                   "SAMEORIGIN"        always;
 add_header X-Permitted-Cross-Domain-Policies "none"              always;