From 2dbb5b2307ceefc92b465a7cbd2d0ecf512a491b Mon Sep 17 00:00:00 2001 From: Kevin Decherf Date: Wed, 1 May 2019 14:05:38 +0200 Subject: Enable no-referrer on img tags, enable strict-origin-when-cross-origin by default Fixes #3889 Signed-off-by: Kevin Decherf --- src/Wallabag/CoreBundle/Helper/ContentProxy.php | 1 + src/Wallabag/CoreBundle/Resources/views/base.html.twig | 1 + 2 files changed, 2 insertions(+) diff --git a/src/Wallabag/CoreBundle/Helper/ContentProxy.php b/src/Wallabag/CoreBundle/Helper/ContentProxy.php index 31953f12..bc257ffb 100644 --- a/src/Wallabag/CoreBundle/Helper/ContentProxy.php +++ b/src/Wallabag/CoreBundle/Helper/ContentProxy.php @@ -47,6 +47,7 @@ class ContentProxy */ public function updateEntry(Entry $entry, $url, array $content = [], $disableContentUpdate = false) { + $this->graby->toggleImgNoReferrer(true); if (!empty($content['html'])) { $content['html'] = $this->graby->cleanupHtml($content['html'], $url); } diff --git a/src/Wallabag/CoreBundle/Resources/views/base.html.twig b/src/Wallabag/CoreBundle/Resources/views/base.html.twig index aa388bcb..c0eecd57 100644 --- a/src/Wallabag/CoreBundle/Resources/views/base.html.twig +++ b/src/Wallabag/CoreBundle/Resources/views/base.html.twig @@ -8,6 +8,7 @@ {% block head %} + -- cgit v1.2.3