From 1518c7aad6133e333dbc93a93f2672415c5e7b6d Mon Sep 17 00:00:00 2001
From: evazion
Date: Mon, 7 Oct 2019 13:44:35 -0500
Subject: [PATCH] /uploads: set referrerpolicy=no-referrer on hotlinked previews.

Don't send the referer when hotlinking preview images on the /uploads/new page. Improves user privacy and may bypass anti-hotlinking protections in some cases.
---
app/views/uploads/_image.html.erb | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/app/views/uploads/_image.html.erb b/app/views/uploads/_image.html.erb
index 6d56c1643..c43a18560 100644
--- a/app/views/uploads/_image.html.erb
+++ b/app/views/uploads/_image.html.erb
@@ -1,9 +1,9 @@
 <% if params[:url] %>
 <% if ImageProxy.needs_proxy?(@source.image_url) %>
- <%= image_tag(image_proxy_uploads_path(:url => @source.image_url), :title => "Preview", :id => "image") %>
+ <%= tag.img src: image_proxy_uploads_path(url: @source.image_url), title: "Preview", id: "image" %>
 <% elsif @source.image_url.present? %>
- <%= image_tag(@source.image_url, :title => "Preview", :id => "image") %>
+ <%= tag.img src: @source.image_url, title: "Preview", id: "image", referrerpolicy: "no-referrer" %>
 <% end %>
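Review bot: The `referrerpolicy: "no-referrer"` attribute on the hotlinked `tag.img` in the `elsif` branch is honoured only by browsers that implement it, so elsewhere the remote host would still receive the `/uploads/new` address as Referer, presumably including the `url` parameter tested on the first line. A `Referrer-Policy: no-referrer` response header for this page would cover more browsers; whether one is already set is not visible in this hunk. The branch would also benefit from a comment such as `<%# no-referrer keeps the upload page URL away from the remote host; the viewer's IP address and User-Agent are still exposed by the direct load %>`. The move from `image_tag` to `tag.img` in both branches is unexplained, since `image_tag` passes extra options through as HTML attributes, so a short note on the reason would help the next reader. The hunk header counts nine lines but fewer are visible here, so the outer `<% if params[:url] %>` block closes outside the shown text.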