aboutsummaryrefslogtreecommitdiffhomepage
path: root/src/Wallabag
diff options
context:
space:
mode:
authorKevin Decherf <kevin@kdecherf.com>2019-05-12 23:44:33 +0200
committerGitHub <noreply@github.com>2019-05-12 23:44:33 +0200
commit295b71442692744c4d2b56b70fbbb8f32613b150 (patch)
tree9d6f52b8c2bc72fd3c713da51cf81c131fa7912f /src/Wallabag
parent570113208bc0f53219ed6fb6bb72b6191f884bc1 (diff)
parent9ae5bd9e1069a813b9aa696e5cbbbdb41667ef1f (diff)
downloadwallabag-295b71442692744c4d2b56b70fbbb8f32613b150.tar.gz
wallabag-295b71442692744c4d2b56b70fbbb8f32613b150.tar.zst
wallabag-295b71442692744c4d2b56b70fbbb8f32613b150.zip
Merge pull request #3943 from wallabag/img-referrer
Enable no-referrer on img tags, enable strict-origin-when-cross-origin by default
Diffstat (limited to 'src/Wallabag')
-rw-r--r--src/Wallabag/CoreBundle/Helper/ContentProxy.php1
-rw-r--r--src/Wallabag/CoreBundle/Resources/views/base.html.twig1
2 files changed, 2 insertions, 0 deletions
diff --git a/src/Wallabag/CoreBundle/Helper/ContentProxy.php b/src/Wallabag/CoreBundle/Helper/ContentProxy.php
index 31953f12..bc257ffb 100644
--- a/src/Wallabag/CoreBundle/Helper/ContentProxy.php
+++ b/src/Wallabag/CoreBundle/Helper/ContentProxy.php
@@ -47,6 +47,7 @@ class ContentProxy
47 */ 47 */
48 public function updateEntry(Entry $entry, $url, array $content = [], $disableContentUpdate = false) 48 public function updateEntry(Entry $entry, $url, array $content = [], $disableContentUpdate = false)
49 { 49 {
50 $this->graby->toggleImgNoReferrer(true);
50 if (!empty($content['html'])) { 51 if (!empty($content['html'])) {
51 $content['html'] = $this->graby->cleanupHtml($content['html'], $url); 52 $content['html'] = $this->graby->cleanupHtml($content['html'], $url);
52 } 53 }
diff --git a/src/Wallabag/CoreBundle/Resources/views/base.html.twig b/src/Wallabag/CoreBundle/Resources/views/base.html.twig
index aa388bcb..c0eecd57 100644
--- a/src/Wallabag/CoreBundle/Resources/views/base.html.twig
+++ b/src/Wallabag/CoreBundle/Resources/views/base.html.twig
@@ -8,6 +8,7 @@
8 {% block head %} 8 {% block head %}
9 <meta name="viewport" content="initial-scale=1.0"> 9 <meta name="viewport" content="initial-scale=1.0">
10 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" /> 10 <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
11 <meta name="referrer" content="strict-origin-when-cross-origin">
11 <!--[if IE]> 12 <!--[if IE]>
12 <meta http-equiv="X-UA-Compatible" content="IE=10"> 13 <meta http-equiv="X-UA-Compatible" content="IE=10">
13 <![endif]--> 14 <![endif]-->