Home Explore Help
Sign In
iProspective
/
dolibarr
3
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Browse Source

FIX #29780 Restore filtes when using "back to list"

Laurent Destailleur 1 year ago
parent
3d2343374d
commit
f38837c99a
2 changed files with 4 additions and 3 deletions
Split View Show Diff Stats
  1. 1 1
      htdocs/admin/system/security.php
  2. 3 2
      htdocs/main.inc.php

+ 1 - 1
htdocs/admin/system/security.php
View File 

@@ -760,7 +760,7 @@ print $examplecsprule;
 
 print '")</span><br>';
 
 print '<br>';
 
 
-print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").' '.$langs->trans("or").' "strict-origin-when-cross-origin")</span><br>';
 
+print '<strong>WEBSITE_MAIN_SECURITY_FORCERP</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCERP', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Recommended").': '.$langs->trans("Undefined").'="strict-origin-when-cross-origin" '.$langs->trans("or").' "same-origin"=more secured)</span><br>';
 
 print '<br>';
 
 
 print '<strong>WEBSITE_MAIN_SECURITY_FORCESTS</strong> = '.getDolGlobalString('WEBSITE_MAIN_SECURITY_FORCESTS', '<span class="opacitymedium">'.$langs->trans("Undefined").'</span>').' &nbsp; <span class="opacitymedium">('.$langs->trans("Example").": \"max-age=31536000; includeSubDomains\")</span><br>";

+ 3 - 2
htdocs/main.inc.php
View File 

@@ -1674,9 +1674,10 @@ function top_httphead($contenttype = 'text/html', $forcenocache = 0)
 
 
 	// Referrer-Policy
 
 	// Say if we must provide the referrer when we jump onto another web page.
 
-	// Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'strict-origin' so browser doesn't send any referrer when going into another web site domain.
 
+	// Default browser are 'strict-origin-when-cross-origin' (only domain is sent on other domain switching), we want more so we use 'same-origin' so browser doesn't send any referrer at all when going into another web site domain.
 
+	// Note that we do not use 'strict-origin' as this breaks feature to restore filters when clicking on "back to page" link on some cases.
 
 	if (!defined('MAIN_SECURITY_FORCERP')) {
 
-		$referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "strict-origin");
 
+		$referrerpolicy = getDolGlobalString('MAIN_SECURITY_FORCERP', "same-origin");
 
 
 		header("Referrer-Policy: ".$referrerpolicy);
 
 	}