From a4eb5ed82b7cf5926bc56d93efcd088791c07773 Mon Sep 17 00:00:00 2001
From: Chris DeCairos <cade@mozillafoundation.org>
Date: Wed, 9 Jan 2019 17:15:04 -0500
Subject: [PATCH] Add a Referrer-Policy Header and meta tag, with a same-origin
 policy value

---
 server/index.js    | 14 ++++++++++++++
 src/pages/index.js |  1 +
 2 files changed, 15 insertions(+)

diff --git a/server/index.js b/server/index.js
index 509e81b8..93f63c87 100644
--- a/server/index.js
+++ b/server/index.js
@@ -32,6 +32,20 @@ module.exports = async function(options) {
     encoding: "none"
   });
 
+  server.ext('onPreResponse', (request, h) => {
+    const response = request.response;
+    const headerName = 'Referrer-Policy';
+    const headerValue = 'same-origin';
+
+    if (response.isBoom) {
+      response.output.headers[headerName] = headerValue;
+    } else {
+      response.header(headerName, headerValue);
+    }
+
+    return h.continue;
+  });
+
   server.route(baseRoutes);
 
   await server.register(services);
diff --git a/src/pages/index.js b/src/pages/index.js
index f949e7c7..af3b5b9c 100644
--- a/src/pages/index.js
+++ b/src/pages/index.js
@@ -44,6 +44,7 @@ var Index = React.createClass({
           <meta httpEquiv="X-UA-Compatible" content="IE=edge"/>
           <meta name="viewport" content="width=device-width, initial-scale=1"/>
           <meta name='robots' content={robots}/>
+          <meta name="referrer" content="same-origin"/>
 
           <meta property="og:type" content="website" />
           <meta property="og:title" content={metaData.title} />