$temp->add(new admin_setting_configportlist('curlsecurityallowedport',
new lang_string('curlsecurityallowedport', 'admin'),
new lang_string('curlsecurityallowedportsyntax', 'admin'), ""));
+
+ // HTTP Header referrer policy settings.
+ $referreroptions = [
+ 'default' => get_string('referrernone', 'admin'),
+ 'no-referrer' => 'no-referrer',
+ 'no-referrer-when-downgrade' => 'no-referrer-when-downgrade',
+ 'origin' => 'origin',
+ 'origin-when-cross-origin' => 'origin-when-cross-origin',
+ 'same-origin' => 'same-origin',
+ 'strict-origin' => 'strict-origin',
+ 'strict-origin-when-cross-origin' => 'strict-origin-when-cross-origin',
+ 'unsafe-url' => 'unsafe-url',
+ ];
+ $temp->add(new admin_setting_configselect('referrerpolicy',
+ new lang_string('referrerpolicy', 'admin'),
+ new lang_string('referrerpolicydesc', 'admin'), 'default', $referreroptions));
+
$ADMIN->add('security', $temp);
// "notifications" settingpage
$string['purgeselectedcachesfinished'] = 'The selected caches were purged.';
$string['purgetemplates'] = 'Templates';
$string['purgethemecache'] = 'Themes';
+$string['referrernone'] = 'Browser default';
+$string['referrerpolicy'] = 'Referrer policy';
+$string['referrerpolicydesc'] = 'Set the referrer policy header to be included with responses from your site.';
$string['restorecourse'] = 'Restore course';
$string['restorernewroleid'] = 'Restorers\' role in courses';
$string['restorernewroleid_help'] = 'If the user does not already have the permission to manage the newly restored course, the user is automatically assigned this role and enrolled if necessary. Select "None" if you do not want restorers to be able to manage every restored course.';
if (empty($CFG->allowframembedding) && !core_useragent::is_moodle_app()) {
@header('X-Frame-Options: sameorigin');
}
+
+ // If referrer policy is set, add a referrer header.
+ if (!empty($CFG->referrerpolicy) && ($CFG->referrerpolicy !== 'default')) {
+ @header('Referrer-Policy: ' . $CFG->referrerpolicy);
+ }
}
/**
