https://groups.google.com/forum/#!topic/django-developers/DDpkrvFdnvk
Other parts of that proposal still need work, but Referrer-Policy seemed
to have consensus to go ahead and do.
--
Ticket URL: <https://code.djangoproject.com/ticket/29406>
Django <https://code.djangoproject.com/>
The Web framework for perfectionists with deadlines.
Comment (by James Bennett):
I'm going to leave this on hold for now. I'm currently supporting the
feature via a third-party app (django-referrer-policy), and I want to work
out the issues with browser support there, rather than burden Django
itself with them. Once that's figured out, I'll contribute the code back
to Django.
--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:1>
* stage: Accepted => Someday/Maybe
--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:2>
* has_patch: 0 => 1
* stage: Someday/Maybe => Accepted
Comment:
I reopened a [https://github.com/django/django/pull/11732 PR] based on
James initial work.
I hope that in conjunction with #30426, this would mean a more secure
Django 3.0 by default.
--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:3>
Comment (by Claude Paroz):
My PR was closed in favor of the
[https://github.com/django/django/pull/11735 one from Nick].
--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:4>
* stage: Accepted => Ready for checkin
--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:5>
* status: assigned => closed
* resolution: => fixed
Comment:
In [changeset:"406dba04e1482a308cad74e3d06c050c76ba2d16" 406dba04]:
{{{
#!CommitTicketReference repository=""
revision="406dba04e1482a308cad74e3d06c050c76ba2d16"
Fixed #29406 -- Added support for Referrer-Policy header.
Thanks to James Bennett for the initial implementation.
}}}
--
Ticket URL: <https://code.djangoproject.com/ticket/29406#comment:6>