EPrints Technical Mailing List Archive
See the EPrints wiki for instructions on how to join this mailing list and related information.
Message: #09389
< Previous (by date) | Next (by date) > | < Previous (in thread) | Next (in thread) > | Messages - Most Recent First | Threads - Most Recent First
RE: [EP-tech] referrer policy and permission policy (headers)
- To: "eprints-tech@ecs.soton.ac.uk" <eprints-tech@ecs.soton.ac.uk>
- Subject: RE: [EP-tech] referrer policy and permission policy (headers)
- From: Matthew Kerwin <matthew.kerwin@qut.edu.au>
- Date: Wed, 6 Sep 2023 21:54:55 +0000
CAUTION: This e-mail originated outside the University of Southampton.
QUT ePrints (https://eprints.qut.edu.au/) does send those and other security-focused response header fields. I’ve found the Mozilla Developer Network is consistently a good resource for describing options, e.g.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy Cheers --
From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk>
On Behalf Of Tomasz Neugebauer CAUTION:
This e-mail originated outside the University of Southampton. CAUTION:
This e-mail originated outside the University of Southampton. Does anyone have a referrer policy header (see:
https://scotthelme.co.uk/a-new-security-header-referrer-policy/) and/or a permission policy header (https://www.w3.org/TR/permissions-policy-1/?ref=scotthelme.co.uk
) set on their EPrints servers? What do you have as the settings for these? Since we have an HSTS / HTTPS-only site, I am considering adding the following as the referrer-policy: no-referrer-when-downgrade. I wonder if that would that would break anything, though? I have no idea about permission policy, I just know that it’s one of the headers that is required for a higher security score at
https://securityheaders.com/ Tomasz |
- Follow-Ups:
- Re: [EP-tech] referrer policy and permission policy (headers)
- From: David R Newman <drn@ecs.soton.ac.uk>
- Re: [EP-tech] referrer policy and permission policy (headers)
- References:
- [EP-tech] referrer policy and permission policy (headers)
- From: Tomasz Neugebauer <Tomasz.Neugebauer@concordia.ca>
- [EP-tech] referrer policy and permission policy (headers)
- Prev by Date: [EP-tech] referrer policy and permission policy (headers)
- Next by Date: Re: [EP-tech] referrer policy and permission policy (headers)
- Previous by thread: [EP-tech] referrer policy and permission policy (headers)
- Next by thread: Re: [EP-tech] referrer policy and permission policy (headers)
- Index(es):