gitforge/templates/base
Christian Burger a9521cce56 correcting referrer policy in HTML <meta> tag (#13036)
Switched to `same-origin` which was probably orginally intended in
PR #10851, since `strict-origin` still relays the Forgejo web server URL
to other web servers in the referrer as long as HTTPS is used.

See: https://developer.mozilla.org/en-US/docs/Web/HTML/Reference/Elements/meta/name/referrer#same-origin

fixes #13019

## Checklist

### Documentation

- [x] I did not document these changes and I do not expect someone else to do it.

### Release notes

- [x] This change will be noticed by a Forgejo user or admin (feature, bug fix, performance, etc.). I suggest to include a release note for this change.

Reviewed-on: https://codeberg.org/forgejo/forgejo/pulls/13036
Reviewed-by: Gusted <gusted@noreply.codeberg.org>
Reviewed-by: Mathieu Fenniak <mfenniak@noreply.codeberg.org>
2026-06-10 20:39:20 +02:00
..
alert.tmpl
alert_details.tmpl
disable_form_autofill.tmpl
footer.tmpl
footer_content.tmpl feat(ui): consistently use AppVerNoMetadata in the footer (#11196) 2026-02-09 05:32:34 +01:00
head.tmpl correcting referrer policy in HTML <meta> tag (#13036) 2026-06-10 20:39:20 +02:00
head_navbar.tmpl Add aria-current="page" to active navbar items (#11887) 2026-03-31 23:02:10 +02:00
head_opengraph.tmpl
head_script.tmpl feat: replace cross origin protection (#9830) 2025-10-29 22:43:22 +01:00
head_style.tmpl
modal_actions_confirm.tmpl feat: move more modals to native dialogs (#9636) 2025-10-13 17:48:49 +02:00
paginate.tmpl