Set Referrer-Policy to no-referrer

Fandom sends a fake 404 to media if there's a Referer header that has an origin
that's not Fandom. However, we can choose not to send the header by setting
Referrer-Policy. See also:
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy
This commit is contained in:
blankie 2022-10-09 10:53:02 +07:00 committed by Gitea
parent ade7878f7b
commit adc4b47b83
4 changed files with 22 additions and 13 deletions

View file

@ -9,6 +9,8 @@
"url-utils.rkt")
(provide
; header to not send referers to fandom
referrer-policy
; timeout durations for http-easy requests
timeouts
; generates a consistent footer
@ -22,6 +24,7 @@
(require rackunit
html-writing))
(define referrer-policy (header #"Referrer-Policy" #"no-referrer"))
(define timeouts (easy:make-timeout-config #:lease 5 #:connect 5))
(define (application-footer source-url #:license [license-in #f])

View file

@ -113,6 +113,7 @@
(xexp->html body))
(response/output
#:code 200
#:headers (list referrer-policy)
(λ (out)
(write-html body out))))))
(module+ test

View file

@ -81,6 +81,7 @@
(xexp->html body))
(response/output
#:code 200
#:headers (list referrer-policy)
(λ (out)
(write-html body out))))))
(module+ test

View file

@ -152,15 +152,17 @@
(λ (v) (dict-update v 'rel (λ (s)
(list (string-append (car s) " noreferrer")))
'(""))))
; proxy images from inline styles
(curry attribute-maybe-update 'style
(λ (style)
(regexp-replace #rx"url\\(['\"]?(.*?)['\"]?\\)" style
(λ (whole url)
(string-append
"url("
(u-proxy-url url)
")")))))
; proxy images from inline styles, if strict_proxy is set
(curry u
(λ (v) (config-true? 'strict_proxy))
(λ (v) (attribute-maybe-update 'style
(λ (style)
(regexp-replace #rx"url\\(['\"]?(.*?)['\"]?\\)" style
(λ (whole url)
(string-append
"url("
(u-proxy-url url)
")")))) v)))
; and also their links, if strict_proxy is set
(curry u
(λ (v)
@ -168,8 +170,10 @@
(eq? element-type 'a)
(has-class? "image-thumbnail" v)))
(λ (v) (attribute-maybe-update 'href u-proxy-url v)))
; proxy images from src attributes
(curry attribute-maybe-update 'src u-proxy-url)
; proxy images from src attributes, if strict_proxy is set
(curry u
(λ (v) (config-true? 'strict_proxy))
(λ (v) (attribute-maybe-update 'src u-proxy-url v)))
; don't lazyload images
(curry u
(λ (v) (dict-has-key? v 'data-src))
@ -276,8 +280,8 @@
(define headers (if redirect-msg
(let* ([dest (get-attribute 'href (bits->attributes ((query-selector (λ (t a c) (eq? t 'a)) redirect-msg))))]
[value (bytes-append #"0;url=" (string->bytes/utf-8 dest))])
(list (header #"Refresh" value)))
(list)))
(list (header #"Refresh" value) referrer-policy))
(list referrer-policy)))
(when (config-true? 'debug)
; used for its side effects
; convert to string with error checking, error will be raised if xexp is invalid