Skip to content

Commit

Permalink
FIX #29780 Restore filtes when using "back to list"
Browse files Browse the repository at this point in the history
  • Loading branch information
@eldy
eldy committed Jun 3, 2024
1 parent 3d23433 commit f38837c
Show file tree
Hide file tree
Showing 2 changed files with 4 additions and 3 deletions.
2 changes: 1 addition & 1 deletion htdocs/admin/system/security.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -760,7 +760,7 @@
print '")</span><br>';
print '<br>';

print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' "strict-origin-when-cross-origin")</span><br>';
print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").'="strict-origin-when-cross-origin" '.$langs->trans("or").' "same-origin"=more secured)</span><br>';
print '<br>';

print '<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")</span><br>";
Expand Down
5 changes: 3 additions & 2 deletions htdocs/main.inc.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1674,9 +1674,10 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)

// Referrer-Policy
// Say if we must provide the referrer when we jump onto another web page.
// Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'strict-origin' so browser doesn't send any referrer when going into another web site domain.
// Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'same-origin' so browser doesn't send any referrer at all when going into another web site domain.
// Note that we do not use 'strict-origin' as this breaks feature to restore filters when clicking on "back to page" link on some cases.
if (!defined('MAIN_SECURITY_FORCERP')) {
$referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "strict-origin");
$referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin");

header("Referrer-Policy: ".$referrerpolicy);
}
Expand Down

0 comments on commit f38837c

Please sign in to comment.