Project

General

Profile

The "Referrer-Policy" HTTP-Header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin".

Added by Ireng over 5 years ago

I received this message form my nextcloud 14.0 installation and do not have any idea on how to change the configuration in lighttpd 1.4.4 on DEBIAN 9.4

Could anyone please direct me to the right solution ??

Many, many thanks in advance for your assitance!

regads, Ireeng

PS. Solved!


Replies (3)

RE: The "Referrer-Policy" HTTP-Header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". - Added by crest over 5 years ago

Hello Ireng,

Since I've got the same in my Nextcloud installation it would be great if you could share your solution!

This is what I tried

$HTTP["scheme"]=="https"{setenv.add-response-header=(
"Strict-Transport-Security"=>"max-age=63072000;includeSubdomains;",
"Referrer-Policy"=>"no-referrer;" 
)}

Restarting the service with these settings worked without error but still get the "The "Referrer-Policy" HTTP-Header is not set to "no-referrer", ..." warning.

Many thanks in advance!
crest

[Solved] RE: The "Referrer-Policy" HTTP-Header is not set to "no-referrer", "no-referrer-when-downgrade", "strict-origin" or "strict-origin-when-cross-origin". - Added by crest over 5 years ago

Finally I found the solution, this worked and prevents the warning from Nextcloud.

server.modules += ("mod_setenv")
setenv.set-response-header = ("Referrer-Policy"=>"no-referrer")

Regards
crest

    (1-3/3)