Merge pull request #114 from rugk/patch-1

Prevent referrer from being send

app/index.html

@@ -5,6 +5,7 @@
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="description" content="">
     <meta name="viewport" content="width=device-width, initial-scale=1">
+    <meta name="referrer" content="no-referrer">
 
     {{content-for 'head'}}
 

config/environment.js

@@ -19,7 +19,8 @@ module.exports = function(environment) {
       'connect-src': "'self'",
       'img-src': "'self'",
       'style-src': "'self'",
-      'media-src': "'self'"
+      'media-src': "'self'",
+      'referrer': "no-referrer"
     },
 
     EmberENV: {

public/.htaccess

@@ -1,5 +1,5 @@
 # Content Security Policy-Headers
 # you have to enable apache module headers to get them working
-#Header set Content-Security-Policy "default-src 'self';"
-#Header set X-Content-Security-Policy "default-src 'self';"
-#Header set X-Webkit-CSP "default-src 'self';"
+#Header set Content-Security-Policy "default-src 'none'; script-src 'self'; font-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; referrer no-referrer;"
+#Header set X-Content-Security-Policy "default-src 'none'; script-src 'self'; font-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; referrer no-referrer;"
+#Header set X-Webkit-CSP "default-src 'none'; script-src 'self'; font-src 'self'; connect-src 'self'; img-src 'self'; style-src 'self'; referrer no-referrer;"