Setting link-type noreferrer does not work, set global referrer-policy instead (see http://w3c.github.io/webappsec/specs/referrer-policy/).

10 years ago · c5c62b3b0c
2 changed files with 2 additions and 1 deletions
--- a/html/head.html
+++ b/html/head.html
@ -4,6 +4,7 @@
				@@ -4,6 +4,7 @@
 <meta name="apple-mobile-web-app-capable" content="yes">
 <meta name="mobile-web-app-capable" content="yes">
 <meta http-equiv="X-UA-Compatible" content="IE=edge,chrome=1">
+<meta name="referrer" content="no-referrer">
 <base href="<%.Cfg.B%>">
 <%if.Csp%><link rel="stylesheet" type="text/css" href="<%.Cfg.S%>/css/csp.min.css"><%end%>
 <link rel="stylesheet" type="text/css" href="<%.Cfg.S%>/css/bootstrap.min.css">
--- a/static/js/services/enrichmessage.js
+++ b/static/js/services/enrichmessage.js
@ -29,7 +29,7 @@ define([], function() {
				@@ -29,7 +29,7 @@ define([], function() {
 		var enrichMessage = {
 			url: function(s) {
 				s = linky(s);
-				s = s.replace(/<a/g, '<a rel="external noreferrer"');
+				s = s.replace(/<a/g, '<a rel="external"');
 				return s;
 			},
 			multiline: function(s) {