[MDL-68820] Add a Referrer-Policy header setting to the security admin settings - Moodle Tracker

XML

Word

Printable

Details

Type: Improvement
Status: Closed
Priority: Minor
Resolution: Fixed
Affects Version/s: 3.10
Fix Version/s: 3.10
Component/s: Administration
Labels:

Affected Branches:
MOODLE_310_STABLE
Fixed Branches:
MOODLE_310_STABLE
Pull from Repository:
https://github.com/Peterburnett/moodle
Pull Main Branch:
~~MDL-68820~~-referrer-policy
Pull Main Diff URL:
https://github.com/moodle/moodle/compare/master...Peterburnett:MDL-68820-referrer-policy
Testing Instructions:
Hide

Regression testing:

Visit Site Administration > Security > HTTP Security (/admin/settings.php?section=httpsecurity).

Ensure the 'Referrer Policy' is set to 'Browser Default'.

In another tab, open the dev tools (F12), then navigate to the 'Network' tab. Click the Document filter, to hide all the JS stuff happening.

In the new tab, visit the dashboard (/my/)

Now click on the new entry in the dev tools, then click the headers tab.

Verify in the general section, the Referrer policy is 'no-referrer-when-downgrade'

Verify that in the 'Response headers' section, there is no 'Referrer-Policy' header.

Header testing:

In the tab with the HTTP settings still open, set the 'Referrer Policy' setting to 'no-referrer' and save changes.

In the other tab with dev tools open, reload the page.

Click on the new entry in the dev tools

Verify the response headers now contains the header 'Referrer-Policy: no-referrer'

Repeat these steps for all remaining select options, and verify that the header content equals the select option selected.
Show
Regression testing: Visit Site Administration > Security > HTTP Security (/admin/settings.php?section=httpsecurity). Ensure the 'Referrer Policy' is set to 'Browser Default'. In another tab, open the dev tools (F12), then navigate to the 'Network' tab. Click the Document filter, to hide all the JS stuff happening. In the new tab, visit the dashboard (/my/) Now click on the new entry in the dev tools, then click the headers tab. Verify in the general section, the Referrer policy is 'no-referrer-when-downgrade' Verify that in the 'Response headers' section, there is no 'Referrer-Policy' header. Header testing: In the tab with the HTTP settings still open, set the 'Referrer Policy' setting to 'no-referrer' and save changes. In the other tab with dev tools open, reload the page. Click on the new entry in the dev tools Verify the response headers now contains the header 'Referrer-Policy: no-referrer' Repeat these steps for all remaining select options, and verify that the header content equals the select option selected.

Description

Have a dropdown of all the options in:

https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Referrer-Policy

Default it to blank to get the browser level default

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending
- Thumbnails
- List
- Download All

MDL-68820_RegressionTesting_Step7.jpg
17 kB
08/Jul/20 11:54 AM
MDL-68820.png
167 kB
08/Jul/20 11:53 AM

Activity

People

Assignee:: Peter Burnett

Reporter:: Brendan Heywood

Peer reviewer:: Brendan Heywood

Integrator:: Andrew Lyons

Tester:: Anna Carissa Sadia

Participants:: Andrew Lyons, Anna Carissa Sadia, Brendan Heywood, CiBoT, Mary Cooch, Peter Burnett

Votes:: 0 Vote for this issue

Watchers:: 6 Start watching this issue

Dates

Created:: 25/May/20 12:35 PM

Updated:: 13/Nov/20 4:29 PM

Resolved:: 11/Jul/20 2:48 AM

Fix Release Date:: 9/Nov/20

Time Tracking

Estimated:

Remaining:

Logged: