  1. Moodle
  2. MDL-68820

Add a Referrer-Policy header setting to the security admin settings

    Details

    • Testing Instructions:

      Regression testing:

      1. Visit Site Administration > Security > HTTP Security (/admin/settings.php?section=httpsecurity).
      2. Ensure the 'Referrer Policy' is set to 'Browser Default'.
      3. In another tab, open the dev tools (F12), then navigate to the 'Network' tab. Click the Document filter to hide all the JS stuff happening.
      4. In the new tab, visit the dashboard (/my/).
      5. Now click on the new entry in the dev tools, then click the headers tab.
      6. Verify that in the general section, the Referrer policy is 'no-referrer-when-downgrade'.
      7. Verify that in the 'Response headers' section, there is no 'Referrer-Policy' header.

      Header testing:

      1. In the tab with the HTTP settings still open, set the 'Referrer Policy' setting to 'no-referrer' and save changes.
      2. In the other tab with dev tools open, reload the page.
      3. Click on the new entry in the dev tools.
      4. Verify the response headers now contain the header 'Referrer-Policy: no-referrer'.
      5. Repeat these steps for all remaining select options, and verify that the header content equals the select option selected.
    • Affected Branches:
      MOODLE_310_STABLE
    • Fixed Branches:
      MOODLE_310_STABLE
    • Pull Master Branch:
      MDL-68820-referrer-policy

      Description

      Have a dropdown of all the options in:

      https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

      Default it to blank to get the browser level default
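
The testing instructions above check the header by hand in dev tools; the same two checks can be scripted over captured response headers. This is an added example, not code from the Moodle patch: the function names and sample responses are constructed, and 'Browser Default' is assumed to be an empty setting value.

```python
# Added example: check captured response headers against the HTTP Security setting.
# Policy tokens listed on the MDN Referrer-Policy page linked in the description.
VALID_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "origin",
    "origin-when-cross-origin", "same-origin", "strict-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}

def referrer_policy_tokens(raw_headers):
    """Return every Referrer-Policy token, in order, from a raw header block."""
    tokens = []
    for line in raw_headers.splitlines():
        name, sep, value = line.partition(":")
        # Header names are case-insensitive; the status line has no colon.
        if sep and name.strip().lower() == "referrer-policy":
            tokens += [t.strip().lower() for t in value.split(",") if t.strip()]
    return tokens

def effective_policy(raw_headers):
    """Policy the browser applies: the last recognised token, or None when
    no valid token is present and the browser default is used."""
    policy = None
    for token in referrer_policy_tokens(raw_headers):
        if token in VALID_POLICIES:
            policy = token
    return policy

def matches_setting(raw_headers, setting):
    """True when the response agrees with the admin setting.
    Assumption: 'Browser Default' is represented here as an empty string."""
    tokens = referrer_policy_tokens(raw_headers)
    if setting == "":
        return tokens == []            # regression check: header must be absent
    return setting in VALID_POLICIES and tokens == [setting]

# Constructed sample responses (not captured from a real Moodle site).
DEFAULT_RESPONSE = "HTTP/1.1 200 OK\r\nContent-Type: text/html; charset=utf-8\r\n"
NO_REFERRER_RESPONSE = DEFAULT_RESPONSE + "Referrer-Policy: no-referrer\r\n"
# A proxy or web server adding its own header produces a second value.
DUPLICATED_RESPONSE = NO_REFERRER_RESPONSE + "referrer-policy: unsafe-url\r\n"

if __name__ == "__main__":
    for label, raw in [("default", DEFAULT_RESPONSE),
                       ("no-referrer", NO_REFERRER_RESPONSE),
                       ("duplicated", DUPLICATED_RESPONSE)]:
        print(label, effective_policy(raw), matches_setting(raw, "no-referrer"))
```

The duplicated case is the one the dev tools check can miss: a second Referrer-Policy value added in front of Moodle changes the effective policy even though the configured value is still present in the response.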

            People

            Assignee:
            peterburnett Peter Burnett
            Reporter:
            brendanheywood Brendan Heywood
            Peer reviewer:
            Brendan Heywood
            Integrator:
            Andrew Nicols
            Tester:
            Anna Carissa Sadia
            Component watchers:
            Andrew Nicols, Jun Pataleta, Michael Hawkins, Shamim Rezaie, Simey Lameze

              Dates

              Created:
              Updated:
              Resolved:
              Fix Release Date:
              9/Nov/20

                Time Tracking

                Estimated:
                Not Specified
                Remaining:
                0m
                Logged:
                2h