From db59f37269da44fb62b5eab3cd2fd7db1b62659b Mon Sep 17 00:00:00 2001
From: Claire <claire.github-309c@sitedethib.com>
Date: Wed, 12 Feb 2025 13:58:48 +0100
Subject: [PATCH] Fix redirect after log-in when `allow_referrer_origin`
 setting is enabled (#33903)

---
 app/controllers/concerns/web_app_controller_concern.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/controllers/concerns/web_app_controller_concern.rb b/app/controllers/concerns/web_app_controller_concern.rb
index 1d8ee43507..ec2256aa9c 100644
--- a/app/controllers/concerns/web_app_controller_concern.rb
+++ b/app/controllers/concerns/web_app_controller_concern.rb
@@ -46,6 +46,6 @@ module WebAppControllerConcern
   protected
 
   def set_referer_header
-    response.set_header('Referrer-Policy', Setting.allow_referrer_origin ? 'origin' : 'same-origin')
+    response.set_header('Referrer-Policy', Setting.allow_referrer_origin ? 'strict-origin-when-cross-origin' : 'same-origin')
   end
 end