Update referrer-policy to strict-origin-when-cross-origin, remove django-referrer-policy packages, built in to Django 3 and later

hypha/settings/base.py

@@ -525,19 +525,15 @@
 SECURE_HSTS_SECONDS = env.int("SECURE_HSTS_SECONDS", None)
 SECURE_BROWSER_XSS_FILTER = env.bool("SECURE_BROWSER_XSS_FILTER", True)
 SECURE_CONTENT_TYPE_NOSNIFF = env.bool("SECURE_CONTENT_TYPE_NOSNIFF", True)
+SECURE_REFERRER_POLICY = env.str(
+    "SECURE_REFERRER_POLICY", "strict-origin-when-cross-origin"
+)
 
 if env.bool("COOKIE_SECURE", False):
     SESSION_COOKIE_SECURE = True
     CSRF_COOKIE_SECURE = True
     ELEVATE_COOKIE_SECURE = True
 
-# Referrer-policy header settings
-# https://django-referrer-policy.readthedocs.io/en/1.0/
-
-REFERRER_POLICY = env.str(
-    "SECURE_REFERRER_POLICY", "no-referrer-when-downgrade"
-).strip()
-
 # Django Elevate settings
 # https://django-elevate.readthedocs.io/en/latest/config/index.html
 

hypha/settings/django.py

@@ -98,7 +98,6 @@
     "django.contrib.auth.middleware.AuthenticationMiddleware",
     "django.contrib.messages.middleware.MessageMiddleware",
     "django.middleware.clickjacking.XFrameOptionsMiddleware",
-    "django_referrer_policy.middleware.ReferrerPolicyMiddleware",
     "django_otp.middleware.OTPMiddleware",
     "hypha.apply.users.middleware.TwoFactorAuthenticationMiddleware",
     "hijack.middleware.HijackUserMiddleware",

pyproject.toml

@@ -29,7 +29,6 @@ dependencies = [
     "django-nh3~=0.1.1",
     "django-pagedown~=2.2.1",
     "django-ratelimit~=4.1.0",
-    "django-referrer-policy~=1.0",
     "django-role-permissions~=3.2.0",
     "django-select2~=8.2.1",
     "django-slack~=5.19.0",

requirements/dev.txt

@@ -342,8 +342,6 @@ django-phonenumber-field==8.0.0 \
 django-ratelimit==4.1.0 \
     --hash=sha256:555943b283045b917ad59f196829530d63be2a39adb72788d985b90c81ba808b \
     --hash=sha256:d047a31cf94d83ef1465d7543ca66c6fc16695559b5f8d814d1b51df15110b92
-django-referrer-policy==1.0 \
-    --hash=sha256:09e134324fa08c10efc12244a4bae7aee5defa7d332b92c603b09258c854615a
 django-role-permissions==3.2.0 \
     --hash=sha256:5a89eaa098f3da951b4633e655d5f3188f3d6ec5f0b846a8b1690d094ddc6ea6 \
     --hash=sha256:39c4237e9ed2983c0d7fa38bd7f7c4942a04daac739d5be1921efccb074a0606

requirements/prod.txt

@@ -265,8 +265,6 @@ django-phonenumber-field==8.0.0 \
 django-ratelimit==4.1.0 \
     --hash=sha256:555943b283045b917ad59f196829530d63be2a39adb72788d985b90c81ba808b \
     --hash=sha256:d047a31cf94d83ef1465d7543ca66c6fc16695559b5f8d814d1b51df15110b92
-django-referrer-policy==1.0 \
-    --hash=sha256:09e134324fa08c10efc12244a4bae7aee5defa7d332b92c603b09258c854615a
 django-role-permissions==3.2.0 \
     --hash=sha256:5a89eaa098f3da951b4633e655d5f3188f3d6ec5f0b846a8b1690d094ddc6ea6 \
     --hash=sha256:39c4237e9ed2983c0d7fa38bd7f7c4942a04daac739d5be1921efccb074a0606