django
Add a note about same-origin as a referrer policy.
Any objections to this?
Thank goodness MDN provides an example table to look up the various policies and how they behave ;) Seems sensible enough to me, though I'd encourage someone with more awareness of CSRF & all the security jazz to get pinged to double-triple-check this is the right policy to recommend in such cases.
TBH I feel like the whole admonition could do with a bit of a rewording, because it's essentially "you might think you want to do this, but don't" but phrased in an encouraging way that initially suggests you should do them...
@coderanger Do you have time to keep working on this?
Closing due to inactivity.