My CMS (https) and image server (http) are separate. I have set up my image server so that it can only serve to whitelisted referrer pages. Now my issue is: how do I allow the CMS server to send a response header to the image server so the CMS can display the images? I have found that putting this HTML meta tag in the HTML will display the images.
<meta name="referrer" content="origin">
But is it possible to do this server side, without editing each HTML page? I am on Nginx v1.10.2.
Referrer-Policy: By checking the referrer, the destination page can see where a request originated. The Referrer-Policy header can be configured so that the browser does not send the destination site any URL information. Next, restart the Apache service to apply the changes. Next, restart the Nginx service to apply the changes.
nginx Example CSP Header: Inside your nginx server {} block add: add_header Content-Security-Policy "default-src 'self';"; Let's break it down: first, we use the nginx directive add_header. Next, we specify the name of the header we would like to set, in this case Content-Security-Policy.
The Nginx add_header directive lets you define an arbitrary response header and value, which is included in responses whose status code is 200, 201, 204, 206, 301, 302, 303, 304, or 307. This can be defined from within your nginx.
Simply adding the line below solved my issue.
add_header 'Referrer-Policy' 'origin';
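The setup discussed above, sketched end to end as an added example (not the poster's actual configuration): the CMS sets the policy once at server level, and the image server checks the resulting Referer. The host names, certificate and root paths, the /admin/ location and the image server's valid_referers block are assumptions made for illustration.

```nginx
# Added example; names and paths are placeholders, not taken from the original post.

# CMS (HTTPS). Its pages embed images from the HTTP image server.
server {
    listen 443 ssl;
    server_name cms.example.com;                    # placeholder
    ssl_certificate     /etc/nginx/tls/cms.crt;     # placeholder
    ssl_certificate_key /etc/nginx/tls/cms.key;     # placeholder

    # Browsers send no Referer on HTTPS -> HTTP requests unless the page's
    # policy allows it. "origin" sends only scheme://host/ (no path or
    # query string), including on such downgrades.
    # "always" (nginx 1.7.5+) sets the header on every status code, not
    # only the 200/201/204/206/301/302/303/304/307 set.
    add_header Referrer-Policy "origin" always;

    location /admin/ {
        # add_header is inherited from the enclosing level only when the
        # current level defines no add_header of its own, so a location
        # that adds any header has to repeat the policy.
        add_header X-Frame-Options "SAMEORIGIN" always;
        add_header Referrer-Policy "origin" always;
    }
}

# Image server (HTTP) with a referer whitelist (assumed implementation).
server {
    listen 80;
    server_name img.example.com;                    # placeholder

    location ~* \.(gif|jpe?g|png)$ {
        root /var/www/images;                       # placeholder

        # With policy "origin" the browser sends "https://cms.example.com/",
        # which matches the server name below. "none" is not listed, so
        # requests that carry no Referer at all are refused.
        valid_referers cms.example.com;
        if ($invalid_referer) {
            return 403;
        }
    }
}
```

Validate with `nginx -t` before reloading; any client can set the Referer header itself, so this check limits hotlinking rather than acting as access control.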