chore(cloud-function): set Referrer-Policy explicitly (#13489)

caugner · web-flow · commit b102a3dc5b57 · 2025-09-11T08:58:06.000+01:00
diff --git a/cloud-function/src/headers.ts b/cloud-function/src/headers.ts
@@ -92,6 +92,7 @@ export function setContentResponseHeaders(
   { csp = true, xFrame = true }: { csp?: boolean; xFrame?: boolean }
 ): void {
   [
+    ["Referrer-Policy", "strict-origin-when-cross-origin"],
     ["X-Content-Type-Options", "nosniff"],
     ["Strict-Transport-Security", "max-age=63072000"],
     ...(csp ? [["Content-Security-Policy", CSP_VALUE]] : []),

Original file line number	Diff line number	Diff line change
`@@ -92,6 +92,7 @@ export function setContentResponseHeaders(`
`92`	`92`	`{ csp = true, xFrame = true }: { csp?: boolean; xFrame?: boolean }`
`93`	`93`	`): void {`
`94`	`94`	`[`
	`95`	`+ ["Referrer-Policy", "strict-origin-when-cross-origin"],`
`95`	`96`	`["X-Content-Type-Options", "nosniff"],`
`96`	`97`	`["Strict-Transport-Security", "max-age=63072000"],`
`97`	`98`	`...(csp ? [["Content-Security-Policy", CSP_VALUE]] : []),`