Insecure or unset HTTP headers - Referrer-Policy
Need
Implementation of secure and properly configured HTTP headers, specifically the Referrer-Policy header.
Context
• Usage of Python 3 for writing and executing Python code
• Usage of Django for building web applications
Description
1. Non compliant code
from django.http import HttpResponse

def some_view(request):
    response = HttpResponse()
    # Missing Referrer-Policy in the HTTP headers
    return response

In the above code, we define a view `some_view` that returns an `HttpResponse` without setting the `Referrer-Policy` header. The `Referrer-Policy` HTTP header tells the browser how much referrer information (sent in the `Referer` request header) to include with the requests and navigations that originate from the page. When the header is missing, the browser falls back to its built-in default, which is not a control the application owns. Older browser defaults (`no-referrer-when-downgrade`) sent the full URL, including path and query string, to every HTTPS destination, so a page with a URL such as `https://app.example/reset?token=<value>` leaked its token to any third-party site it linked to or loaded scripts and images from; the current default in major browsers, `strict-origin-when-cross-origin`, sends only the origin to other sites, but an application that relies on that default will leak again as soon as a user arrives with an older browser or a different configuration. This can lead to privacy breaches and, when the URL carries session identifiers, reset tokens or other secrets, to account compromise. Therefore, always set the `Referrer-Policy` HTTP header explicitly to control the referrer information shared across sites.
2. Steps
• Identify the part of the code where the HTTP response is being created.
• Add the `Referrer-Policy` HTTP header to the response object.
• Set the value of the `Referrer-Policy` header to a secure option such as `no-referrer`, `same-origin`, or `strict-origin-when-cross-origin`.
• Ensure that the `Referrer-Policy` header is included in every HTTP response that your server sends, not only in the views you remember to patch. In Django the simplest way is `django.middleware.security.SecurityMiddleware` together with the `SECURE_REFERRER_POLICY` setting (available since Django 3.0 and defaulting to `same-origin` since Django 3.1), so that a per-view header is only needed to override the site-wide value.
3. Secure code example
from django.http import HttpResponse

def some_view(request):
    response = HttpResponse()
    # Set Referrer-Policy in the HTTP headers
    response["Referrer-Policy"] = "no-referrer"
    return response

The above code fixes the vulnerability by adding the `Referrer-Policy` HTTP header to the response object. This is how it works:
1. The `HttpResponse` object is created as before.
2. The `Referrer-Policy` header is added to the response object using Django's header assignment syntax `response["Referrer-Policy"] = ...`.
3. The value is set to `no-referrer`, so no referrer information is sent with any request made from the page. Other secure options are `same-origin` (send the full referrer only for same-origin requests and nothing cross-origin) and `strict-origin-when-cross-origin` (send the full referrer for same-origin requests, only the origin for cross-origin HTTPS requests, and nothing when downgrading from HTTPS to HTTP).
4. The response object, now including the `Referrer-Policy` header, is returned as before.
Choose the value with the application's own needs in mind. Django's `CsrfViewMiddleware` verifies a POST by matching its `Origin` or `Referer` header against the site, and under `no-referrer` the browser sends `Origin: null` and no `Referer`, so `no-referrer` will make CSRF-protected forms fail with a 403. `same-origin`, which is also the default for Django's `SECURE_REFERRER_POLICY` setting, or `strict-origin-when-cross-origin` keeps the referrer available to your own site while hiding the path and query string from others.
By including the `Referrer-Policy` header in the HTTP response, the server informs the client's browser how to handle referrer information when making requests, which protects sensitive data carried in URLs and the privacy of your users.