correcting referrer policy in HTML <meta> tag (#13036)

Switched to `same-origin` which was probably orginally intended in
PR #10851, since `strict-origin` still relays the Forgejo web server URL
to other web servers in the referrer as long as HTTPS is used.

See: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/name/referrer#same-origin

fixes #13019

## Checklist

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13036
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
This commit is contained in:
Christian Burger 2026-06-10 20:39:20 +02:00 committed by Mathieu Fenniak
commit a9521cce56

View file

@ -8,7 +8,7 @@
<meta name="author" content="{{if .Repository}}{{.Owner.Name}}{{else}}{{MetaAuthor}}{{end}}">
<meta name="description" content="{{if .Repository}}{{.Repository.Name}}{{if .Repository.Description}} - {{.Repository.Description}}{{end}}{{else}}{{MetaDescription}}{{end}}">
<meta name="keywords" content="{{MetaKeywords}}">
<meta name="referrer" content="strict-origin">
<meta name="referrer" content="same-origin">
{{if .GoGetImport}}
<meta name="go-import" content="{{.GoGetImport}} git {{.RepoCloneLink.HTTPS}}">
<meta name="go-source" content="{{.GoGetImport}} _ {{.GoDocDirectory}} {{.GoDocFile}}">