[vlc-devel] [PATCH] lua/http: set same-origin referrer policy

Pierre Ynard linkfanel at yahoo.fr
Mon Aug 3 20:29:39 CEST 2020 

Without this, calls to external resources leak the URL of the web
interface over the internet, which is not necessarily something that the
user wants.


diff --git a/share/lua/http/index.html b/share/lua/http/index.html
index 211fa08..dc5eadd 100644
--- a/share/lua/http/index.html
+++ b/share/lua/http/index.html
@@ -25,6 +25,7 @@
 	<head>
 		<title><?vlc gettext("VLC media player - Web Interface") ?></title>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<meta name="referrer" content="same-origin" />
 		<link href="favicon.ico" type="image/x-icon" rel="shortcut icon" />
 		<script type="text/javascript" src="js/common.js"></script>
 		<script type="text/javascript">
diff --git a/share/lua/http/mobile.html b/share/lua/http/mobile.html
index efac88c..358811c 100644
--- a/share/lua/http/mobile.html
+++ b/share/lua/http/mobile.html
@@ -24,6 +24,7 @@
 	<head>
 		<title><?vlc gettext("VLC media player - Web Interface") ?></title>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<meta name="referrer" content="same-origin" />
 		<meta name="viewport" content="initial-scale=1.0" />
 		<meta name="viewport" content="width=device-width" />
 		<meta name="apple-mobile-web-app-status-bar-style" content="default" />
diff --git a/share/lua/http/mobile_browse.html b/share/lua/http/mobile_browse.html
index 51f6540..aad8b30 100644
--- a/share/lua/http/mobile_browse.html
+++ b/share/lua/http/mobile_browse.html
@@ -24,6 +24,7 @@
 	<head>
 		<title><?vlc gettext("VLC media player - Web Interface") ?></title>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<meta name="referrer" content="same-origin" />
 		<meta name="viewport" content="width=device-width" />
 		<link href="favicon.ico" type="image/x-icon" rel="shortcut icon" />
 		<script type="text/javascript" src="js/common.js"></script>
diff --git a/share/lua/http/mobile_equalizer.html b/share/lua/http/mobile_equalizer.html
index 7341109..85574b3 100644
--- a/share/lua/http/mobile_equalizer.html
+++ b/share/lua/http/mobile_equalizer.html
@@ -24,6 +24,7 @@
 	<head>
 		<title><?vlc gettext("VLC media player - Web Interface") ?></title>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<meta name="referrer" content="same-origin" />
 		<meta name="viewport" content="width=device-width; user-scalable=no" />
 		<link href="favicon.ico" type="image/x-icon" rel="shortcut icon" />
 		<script type="text/javascript" src="js/common.js"></script>
diff --git a/share/lua/http/mobile_view.html b/share/lua/http/mobile_view.html
index f7660e3..2fd1f8f 100644
--- a/share/lua/http/mobile_view.html
+++ b/share/lua/http/mobile_view.html
@@ -24,6 +24,7 @@
 	<head>
 		<title><?vlc gettext("VLC media player - Web Interface") ?></title>
 		<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+		<meta name="referrer" content="same-origin" />
 		<meta name="viewport" content="width=device-width; user-scalable=no" />
 		<link href="favicon.ico" type="image/x-icon" rel="shortcut icon"/>
 		<script type="text/javascript" src="js/common.js"></script>
diff --git a/share/lua/http/view.html b/share/lua/http/view.html
index 07ddd0d..4485631 100644
--- a/share/lua/http/view.html
+++ b/share/lua/http/view.html
@@ -25,6 +25,7 @@
 <head>
 	<title><?vlc gettext("VLC media player - Flash Viewer") ?></title>
 	<meta http-equiv="Content-Type" content="text/html; charset=UTF-8" />
+	<meta name="referrer" content="same-origin" />
 	<link href="favicon.ico" type="image/x-icon" rel="shortcut icon"/>
 	<link type="text/css" href="css/ui-lightness/jquery-ui-1.8.13.custom.css" rel="stylesheet" />
 	<link type="text/css" href="css/main.css" rel="stylesheet" />
diff --git a/share/lua/http/vlm.html b/share/lua/http/vlm.html
index b71ed01..c01d545 100644
--- a/share/lua/http/vlm.html
+++ b/share/lua/http/vlm.html
@@ -28,6 +28,7 @@
 <head>
   <title>VLC media player - Web Interface - VLM</title>
   <meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
+  <meta name="referrer" content="same-origin" />
   <link href="old/style.css" rel="stylesheet" type="text/css" />
   <script type="text/javascript" src="old/js/functions.js"></script>
   <script type="text/javascript" src="old/js/vlm.js"></script>
-- 
Pierre Ynard
"Une âme dans un corps, c'est comme un dessin sur une feuille de papier."

More information about the vlc-devel mailing list