From: Kevin Decherf <kevin@kdecherf.com>
Date: Wed, 1 May 2019 12:05:38 +0000 (+0200)
Subject: Enable no-referrer on img tags, enable strict-origin-when-cross-origin by default
X-Git-Tag: 2.3.8~4^2~1
X-Git-Url: https://git.immae.eu/?p=github%2Fwallabag%2Fwallabag.git;a=commitdiff_plain;h=2dbb5b2307ceefc92b465a7cbd2d0ecf512a491b

Enable no-referrer on img tags, enable strict-origin-when-cross-origin by default

Fixes #3889

Signed-off-by: Kevin Decherf <kevin@kdecherf.com>
---

diff --git a/src/Wallabag/CoreBundle/Helper/ContentProxy.php b/src/Wallabag/CoreBundle/Helper/ContentProxy.php
index 31953f12..bc257ffb 100644
--- a/src/Wallabag/CoreBundle/Helper/ContentProxy.php
+++ b/src/Wallabag/CoreBundle/Helper/ContentProxy.php
@@ -47,6 +47,7 @@ class ContentProxy
      */
     public function updateEntry(Entry $entry, $url, array $content = [], $disableContentUpdate = false)
     {
+        $this->graby->toggleImgNoReferrer(true);
         if (!empty($content['html'])) {
             $content['html'] = $this->graby->cleanupHtml($content['html'], $url);
         }
diff --git a/src/Wallabag/CoreBundle/Resources/views/base.html.twig b/src/Wallabag/CoreBundle/Resources/views/base.html.twig
index aa388bcb..c0eecd57 100644
--- a/src/Wallabag/CoreBundle/Resources/views/base.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/base.html.twig
@@ -8,6 +8,7 @@
         {% block head %}
             <meta name="viewport" content="initial-scale=1.0">
             <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+            <meta name="referrer" content="strict-origin-when-cross-origin">
             <!--[if IE]>
             <meta http-equiv="X-UA-Compatible" content="IE=10">
             <![endif]-->