EPrints Technical Mailing List Archive

See the EPrints wiki for instructions on how to join this mailing list and related information.

Message: #09389


RE: [EP-tech] referrer policy and permission policy (headers)

CAUTION: This e-mail originated outside the University of Southampton.

QUT ePrints (https://eprints.qut.edu.au/) does send those and other security-focused response header fields.


I’ve found the Mozilla Developer Network is consistently a good resource for describing options, e.g. https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Permissions-Policy



Matty Kerwin (he/him)

Web Developer
EDR Development
Digital Business Solutions


Queensland University of Technology
Email: matthew.kerwin@qut.edu.au
KG-X232, Kelvin Grove Campus



From: eprints-tech-request@ecs.soton.ac.uk <eprints-tech-request@ecs.soton.ac.uk> On Behalf Of Tomasz Neugebauer
Sent: Thursday, September 7, 2023 6:27 AM
To: eprints-tech@ecs.soton.ac.uk
Subject: [EP-tech] referrer policy and permission policy (headers)



Does anyone have a referrer policy header (see: https://scotthelme.co.uk/a-new-security-header-referrer-policy/) and/or a permission policy header (https://www.w3.org/TR/permissions-policy-1/?ref=scotthelme.co.uk) set on their EPrints servers?


What do you have as the settings for these?


Since we have an HSTS / HTTPS-only site, I am considering adding the following as the referrer-policy: no-referrer-when-downgrade. I wonder if that would break anything, though?


I have no idea about permission policy, I just know that it’s one of the headers that is required for a higher security score at https://securityheaders.com/ 
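The two headers discussed in this thread are easy to set but easy to get subtly wrong, so here is a small checker and generator as an added example. It is not code from the thread, from EPrints or from either poster; it assumes EPrints is served by Apache with mod_headers enabled (the usual deployment), the function and variable names are hypothetical, and the header values fed to it are constructed samples. It works out which Referrer-Policy token a browser will actually apply from a fallback list, flags the policies that still send the full URL (path and query) to other HTTPS origins, parses a Permissions-Policy value into a feature-to-allowlist map, and renders both headers as Apache directives.

```python
"""Check and generate Referrer-Policy / Permissions-Policy headers.

Added example for the EP-tech thread above; not EPrints code.  Assumes an
Apache front end with mod_headers (the standard EPrints deployment).
"""
import re

# Referrer-Policy tokens defined by the W3C Referrer Policy specification.
REFERRER_POLICIES = (
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
)
# Policies that send the full URL (origin, path and query) to a cross-origin
# destination whenever the scheme does not downgrade, i.e. https -> https.
FULL_URL_CROSS_ORIGIN = {"no-referrer-when-downgrade", "unsafe-url"}
# What current browsers apply when no valid header is present.
BROWSER_DEFAULT = "strict-origin-when-cross-origin"


def effective_referrer_policy(header_value):
    """Return the policy a browser applies for a Referrer-Policy header.

    The header may carry a comma-separated fallback list; the last token the
    browser recognises wins and unknown tokens are ignored.  Returns None when
    nothing valid was found (the browser then falls back to its own default).
    """
    chosen = None
    for token in header_value.split(","):
        token = token.strip().lower()
        if token in REFERRER_POLICIES:
            chosen = token
    return chosen


def referrer_leaks_path_cross_origin(header_value):
    """True if, on an HTTPS-only site, links to other HTTPS origins will still
    carry the full referring URL including path and query string."""
    policy = effective_referrer_policy(header_value) or BROWSER_DEFAULT
    return policy in FULL_URL_CROSS_ORIGIN


# feature=<*|(inner list)|single token>; a bare '(' is rejected as malformed.
_MEMBER = re.compile(r'^\s*([a-z][a-z0-9-]*)\s*=\s*(\*|\([^)]*\)|[^,\s()]+)\s*$')


def _split_top_level(value):
    """Split a header value on commas that are outside parentheses."""
    parts, depth, current = [], 0, []
    for ch in value:
        if ch == "(":
            depth += 1
        elif ch == ")":
            depth -= 1
        if ch == "," and depth == 0:
            parts.append("".join(current))
            current = []
        else:
            current.append(ch)
    parts.append("".join(current))
    return [p for p in parts if p.strip()]


def parse_permissions_policy(header_value):
    """Parse a Permissions-Policy header into {feature: allowlist}.

    allowlist is "*" (any origin may use the feature), [] (feature disabled
    for every origin, including the page itself) or a list of tokens such as
    'self' and origins (quotes stripped).  Raises ValueError on malformed input.
    """
    policy = {}
    for member in _split_top_level(header_value):
        match = _MEMBER.match(member)
        if not match:
            raise ValueError(f"malformed Permissions-Policy member: {member!r}")
        feature, raw = match.group(1), match.group(2)
        if raw == "*":
            policy[feature] = "*"
        elif raw.startswith("("):
            policy[feature] = [t.strip('"') for t in raw[1:-1].split()]
        else:
            policy[feature] = [raw.strip('"')]
    return policy


def apache_header_lines(referrer_policy, permissions):
    """Render both headers as mod_headers directives.  'always' makes Apache
    add them to error responses (4xx/5xx) as well as successful ones."""
    members = []
    for feature, allow in permissions.items():
        if allow == "*":
            members.append(f"{feature}=*")
        else:
            inner = " ".join(t if t == "self" else f'"{t}"' for t in allow)
            members.append(f"{feature}=({inner})")
    return [
        f'Header always set Referrer-Policy "{referrer_policy}"',
        f'Header always set Permissions-Policy "{", ".join(members)}"',
    ]


if __name__ == "__main__":
    # Constructed sample: the header value proposed in the thread.
    print(referrer_leaks_path_cross_origin("no-referrer-when-downgrade"))   # True
    print(parse_permissions_policy('camera=(), geolocation=(self), fullscreen=*'))
    for line in apache_header_lines("strict-origin-when-cross-origin",
                                    {"camera": [], "microphone": [], "fullscreen": ["self"]}):
        print(line)
```

The check answers the question in the thread directly: on an HTTPS-only site, no-referrer-when-downgrade is essentially the pre-2020 browser default and still sends the full repository URL, including any query string, to every other HTTPS site a reader clicks through to; strict-origin-when-cross-origin (what browsers now apply with no header at all) sends only the origin cross-origin and the full URL same-origin, so it is the safer starting point and breaks nothing that the default does not already break. For Permissions-Policy, an empty allowlist such as camera=() disables the feature even for the repository's own pages, so only list features the site genuinely never uses.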

