
Insecure or unset HTTP headers - Referrer-Policy

Need

Implementation of secure and properly configured HTTP headers, specifically the Referrer-Policy header.

Context

  • Usage of Python 3 for writing and executing Python code
  • Usage of Django for building web applications

Description

Non-compliant code

    from django.http import HttpResponse

    def some_view(request):
        response = HttpResponse()
        # Missing Referrer-Policy in the HTTP headers
        return response

In the code above, the view some_view returns an HttpResponse without setting the Referrer-Policy header, so the browser falls back to its own default policy for any navigation or request that originates from the page.

The Referrer-Policy HTTP header controls how much referrer information (sent via the Referer request header) the browser includes with requests leaving the page. If this header is missing or misconfigured, the full URL of the referring page, including its path and query string, may be disclosed to other sites.

For example, if a user navigates from a secure HTTPS site to a non-secure HTTP site, the Referer header could potentially disclose the user's last visited page. This could lead to privacy breaches, especially when the URL contains sensitive information.

Therefore, it is important to always set the Referrer-Policy HTTP header to control the referrer information shared across sites.

Steps

  • Identify the part of the code where the HTTP response is being created.
  • Add the 'Referrer-Policy' HTTP header to the response object.
  • Set the value of the 'Referrer-Policy' header to a secure option such as 'no-referrer', 'same-origin', or 'strict-origin-when-cross-origin'.
  • Ensure that the 'Referrer-Policy' header is included in every HTTP response that your server sends.

Compliant code

    from django.http import HttpResponse

    def some_view(request):
        response = HttpResponse()
        # Set Referrer-Policy in the HTTP headers
        response["Referrer-Policy"] = "no-referrer"
        return response

The above code fixes the vulnerability by adding the 'Referrer-Policy' HTTP header to the response object. The 'Referrer-Policy' header is set to 'no-referrer', which means that no referrer information will be sent along with requests.

This is how it works:

  1. The HttpResponse object is created as before.
  2. The 'Referrer-Policy' HTTP header is added to the response object using the syntax response["Referrer-Policy"].
  3. The value of the 'Referrer-Policy' header is set to 'no-referrer'. This is a secure option that ensures no referrer information is sent along with requests. Other secure options you could use include 'same-origin' (only send referrer information for same-origin requests) and 'strict-origin-when-cross-origin' (send full referrer information for same-origin requests, but only send the origin of the document for cross-origin requests).
  4. The response object, now including the 'Referrer-Policy' header, is returned as before.

By including the 'Referrer-Policy' header in the HTTP response, the server informs the client's browser how to handle referrer information when making requests. This can help to protect sensitive data and enhance the privacy of your users.
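Setting the header inside every view, as the compliant code does, is easy to forget; the last step above asks for it on every response. The following is an added example, not code from the page or from Django: a plain WSGI middleware that adds Referrer-Policy to any response that lacks one (Django's application object is a WSGI app, so it can be wrapped the same way), plus an audit helper that reports whether a given set of response headers carries a policy the page would consider secure. The names referrer_policy_middleware, check_referrer_policy, call_app and bare_app are assumptions made for this example; bare_app stands in for the non-compliant some_view.

```python
# Policy values defined by the Referrer Policy specification.
VALID_POLICIES = {
    "no-referrer", "no-referrer-when-downgrade", "same-origin", "origin",
    "strict-origin", "origin-when-cross-origin",
    "strict-origin-when-cross-origin", "unsafe-url",
}
# Values that still expose the full URL cross-origin or over an HTTPS->HTTP downgrade.
WEAK_POLICIES = {"unsafe-url", "no-referrer-when-downgrade", "origin-when-cross-origin"}

def referrer_policy_middleware(app, policy="strict-origin-when-cross-origin"):
    """Wrap a WSGI app so every response carries Referrer-Policy (views may override)."""
    if policy not in VALID_POLICIES:
        raise ValueError(f"unknown Referrer-Policy value: {policy!r}")
    def wrapped(environ, start_response):
        def start_response_with_policy(status, headers, exc_info=None):
            if not any(n.lower() == "referrer-policy" for n, _ in headers):
                headers = list(headers) + [("Referrer-Policy", policy)]
            return start_response(status, headers, exc_info)
        return app(environ, start_response_with_policy)
    return wrapped

def check_referrer_policy(headers):
    """Audit a list of (name, value) response headers; return (ok, reason)."""
    values = [v for n, v in headers if n.lower() == "referrer-policy"]
    if not values:
        return False, "missing"
    # The header may carry a comma-separated fallback list; the last
    # token the browser recognises is the one that takes effect.
    tokens = [t.strip().lower() for v in values for t in v.split(",")]
    effective = next((t for t in reversed(tokens) if t in VALID_POLICIES), None)
    if effective is None:
        return False, "unrecognised value"
    if effective in WEAK_POLICIES:
        return False, f"weak policy {effective}"
    return True, effective

def call_app(app, path="/"):
    """Minimal WSGI driver: run one GET request, return (status, headers, body)."""
    captured = {}
    def start_response(status, headers, exc_info=None):
        captured["status"], captured["headers"] = status, list(headers)
    body = b"".join(app({"PATH_INFO": path, "REQUEST_METHOD": "GET"}, start_response))
    return captured["status"], captured["headers"], body

def bare_app(environ, start_response):
    # Constructed stand-in for the page's some_view: no Referrer-Policy is set.
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [b"hello"]
```

Django 3.0 and later can also set this header globally through SecurityMiddleware's SECURE_REFERRER_POLICY setting, which is the idiomatic choice in a Django project; the audit helper is still useful for checking what the server actually sends.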
