[Django] #29406: Add Referrer-Policy header support

Django

unread,

May 14, 2018, 2:18:34 PM5/14/18

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support
-----------------------------------------+-------------------------------
Reporter: James Bennett | Owner: James Bennett
Type: New feature | Status: assigned
Component: Utilities | Version: master
Severity: Normal | Keywords:
Triage Stage: Accepted | Has patch: 0
Needs documentation: 0 | Needs tests: 0
Patch needs improvement: 0 | Easy pickings: 0
UI/UX: 0 |
-----------------------------------------+-------------------------------
Background information on django-dev list:

https://groups.google.com/forum/#!topic/django-developers/DDpkrvFdnvk

Other parts of that proposal still need work, but Referrer-Policy seemed
to have consensus to go ahead and do.

--
Ticket URL: <https://code.djangoproject.com/ticket/29406>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.

Django

unread,

Jul 5, 2018, 10:59:55 PM7/5/18

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support

-------------------------------+-----------------------------------------

Reporter: James Bennett | Owner: James Bennett
Type: New feature | Status: assigned
Component: Utilities | Version: master

Severity: Normal | Resolution:

Keywords: | Triage Stage: Accepted
Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-----------------------------------------

Comment (by James Bennett):

I'm going to leave this on hold for now. I'm currently supporting the
feature via a third-party app (django-referrer-policy), and I want to work
out the issues with browser support there, rather than burden Django
itself with them. Once that's figured out, I'll contribute the code back
to Django.

--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:1>

Django

unread,

Jul 5, 2018, 11:00:05 PM7/5/18

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support

-------------------------------+-----------------------------------------

Reporter: James Bennett | Owner: James Bennett
Type: New feature | Status: assigned
Component: Utilities | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Someday/Maybe

Has patch: 0 | Needs documentation: 0
Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-----------------------------------------
Changes (by James Bennett):

* stage: Accepted => Someday/Maybe

--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:2>

Django

unread,

Aug 31, 2019, 8:56:11 AM8/31/19

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support

-------------------------------+-----------------------------------------

Reporter: James Bennett | Owner: James Bennett
Type: New feature | Status: assigned
Component: Utilities | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-----------------------------------------
Changes (by Claude Paroz):

* has_patch: 0 => 1
* stage: Someday/Maybe => Accepted

Comment:

I reopened a [https://github.com/django/django/pull/11732 PR] based on
James initial work.
I hope that in conjunction with #30426, this would mean a more secure
Django 3.0 by default.

--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:3>

Django

unread,

Sep 2, 2019, 4:12:38 AM9/2/19

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support

-------------------------------+-----------------------------------------

Reporter: James Bennett | Owner: James Bennett
Type: New feature | Status: assigned
Component: Utilities | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Accepted
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------+-----------------------------------------

Comment (by Claude Paroz):

My PR was closed in favor of the
[https://github.com/django/django/pull/11735 one from Nick].

--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:4>

Django

unread,

Sep 9, 2019, 6:39:01 AM9/9/19

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support

-------------------------------------+-------------------------------------

Reporter: James Bennett | Owner: James
| Bennett
Type: New feature | Status: assigned
Component: Utilities | Version: master

Severity: Normal | Resolution:
Keywords: | Triage Stage: Ready for
| checkin
Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Carlton Gibson):

* stage: Accepted => Ready for checkin

--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:5>

Django

unread,

Sep 9, 2019, 7:38:06 AM9/9/19

to django-...@googlegroups.com

#29406: Add Referrer-Policy header support

-------------------------------------+-------------------------------------

Reporter: James Bennett | Owner: James
| Bennett

Type: New feature | Status: closed
Component: Utilities | Version: master
Severity: Normal | Resolution: fixed

Keywords: | Triage Stage: Ready for
| checkin

Has patch: 1 | Needs documentation: 0

Needs tests: 0 | Patch needs improvement: 0
Easy pickings: 0 | UI/UX: 0

-------------------------------------+-------------------------------------
Changes (by Carlton Gibson <carlton.gibson@…>):

* status: assigned => closed
* resolution: => fixed

Comment:

In [changeset:"406dba04e1482a308cad74e3d06c050c76ba2d16" 406dba04]:
{{{
#!CommitTicketReference repository=""
revision="406dba04e1482a308cad74e3d06c050c76ba2d16"
Fixed #29406 -- Added support for Referrer-Policy header.