From 08b6034edc581b6537a231f469288a06792e9d7d Mon Sep 17 00:00:00 2001
From: Andreas Gohr <andi@splitbrain.org>
Date: Sun, 24 Mar 2024 19:35:36 +0100
Subject: [PATCH] move noreferrer policy to hardend mode

This probably fixes #143
---
 syntax/video.php | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/syntax/video.php b/syntax/video.php
index 557e6d4..b54094e 100644
--- a/syntax/video.php
+++ b/syntax/video.php
@@ -139,7 +139,6 @@ public function iframe($data, $element = 'iframe')
             'frameborder' => 0,
             'scrolling' => 'no',
             'data-domain' => $data['domain'],
-            'referrerpolicy' => 'no-referrer',
             'loading' => 'lazy',
         ];
         if ($this->getConf('extrahard')) {
@@ -297,7 +296,8 @@ protected function hardenedIframeAttributes()
             'credentialless' => '',
             'sandbox' => 'allow-scripts allow-same-origin',
             'allow' => $disallow,
-            'csp' => 'sandbox allow-scripts allow-same-origin'
+            'csp' => 'sandbox allow-scripts allow-same-origin',
+            'referrerpolicy' => 'no-referrer',
         ];
     }
 }