From 84f2870d4fe0bc858dddb3f4f593302efef7a09b Mon Sep 17 00:00:00 2001
From: Tyler Schrock <tschrock123@gmail.com>
Date: Tue, 3 Dec 2024 06:54:58 -0500
Subject: [PATCH] Fix HIDE_REFERER env option for hiding changedetection.io
 from referer headers (#2787)

---
 changedetectionio/__init__.py | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/changedetectionio/__init__.py b/changedetectionio/__init__.py
index 70afc105..9e8c7c8b 100644
--- a/changedetectionio/__init__.py
+++ b/changedetectionio/__init__.py
@@ -160,11 +160,10 @@ def main():
                     )
 
     # Monitored websites will not receive a Referer header when a user clicks on an outgoing link.
-    # @Note: Incompatible with password login (and maybe other features) for now, submit a PR!
     @app.after_request
     def hide_referrer(response):
         if strtobool(os.getenv("HIDE_REFERER", 'false')):
-            response.headers["Referrer-Policy"] = "no-referrer"
+            response.headers["Referrer-Policy"] = "same-origin"
 
         return response