Fixed #31232 -- Changed default SECURE_REFERRER_POLICY to 'same-origin'.

2025-10-24 06:06:09 +00:00 · 2020-02-05 10:02:35 +00:00
parent 7fa1a93c6c
commit 72b97a5b1e
4 changed files with 24 additions and 2 deletions
--- a/docs/ref/settings.txt
+++ b/docs/ref/settings.txt
@@ -2395,12 +2395,16 @@ from URL paths, so patterns shouldn't include them, e.g.

 .. versionadded:: 3.0

-Default: ``None``
+Default: ``'same-origin'``

 If configured, the :class:`~django.middleware.security.SecurityMiddleware` sets
 the :ref:`referrer-policy` header on all responses that do not already have it
 to the value provided.

+.. versionchanged:: 3.1
+
+    In older versions, the default value is ``None``.
+
 .. setting:: SECURE_SSL_HOST

 ``SECURE_SSL_HOST``