Django 3.1 has a new default SECURE_REFERRER_POLICY value of same-origin, which hides the referrer from third party sources like Clicky. Clicky depends on the referrer (which, relative to the beacon, is the domain running Django) for domain validation. This breaks the integration by default. See:
https://docs.djangoproject.com/en/3.1/ref/middleware/#referrer-policy
https://clicky.com/help/faq/tips/different/domain-validation
Based on my understanding of the Referrer-Policy header documentation, I think these SECURE_REFERRER_POLICY values will break the Clicky integration:
Unfortunately for Clicky, the default setting is same-origin since Django 3.1.
I think we should:
- Update the Clicky documentation to note that you need to set SECURE_REFERRER_POLICY to any of the supported values.
- Output a warning if Clicky tags are used and SECURE_REFERRER_POLICY has been set to a value that breaks the integration.
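
One way the proposed warning could decide whether a setting value withholds the referrer from a third-party beacon, as an added example that is not part of the original issue and not code from Django or the Clicky integration. The classification of policy tokens follows the W3C Referrer Policy specification rather than the issue's own list; the function names and the assumed browser default for a missing header are hypothetical.

```python
# Added example; not code from Django or from the Clicky integration.
# Cross-origin behaviour of each token per the W3C Referrer Policy spec.
NEVER_CROSS_ORIGIN = {"no-referrer", "same-origin"}
NOT_ON_DOWNGRADE = {
    "no-referrer-when-downgrade", "strict-origin", "strict-origin-when-cross-origin",
}
ALWAYS = {"origin", "origin-when-cross-origin", "unsafe-url"}
KNOWN = NEVER_CROSS_ORIGIN | NOT_ON_DOWNGRADE | ALWAYS
# Assumption: with no header sent, the browser applies this default.
BROWSER_DEFAULT = "strict-origin-when-cross-origin"


def effective_policy(setting):
    """Policy a browser applies for a SECURE_REFERRER_POLICY value.

    The setting may be None, a comma-separated string or an iterable.
    Browsers skip unknown tokens and keep the last recognised one.
    """
    if not setting:
        return BROWSER_DEFAULT
    tokens = setting.split(",") if isinstance(setting, str) else setting
    known = [t.strip().lower() for t in tokens if t.strip().lower() in KNOWN]
    return known[-1] if known else BROWSER_DEFAULT


def beacon_gets_referrer(setting, downgrade=False):
    """True if a third-party beacon request carries a Referer header.

    downgrade=True models an HTTPS page loading the beacon over plain HTTP.
    """
    policy = effective_policy(setting)
    if policy in NEVER_CROSS_ORIGIN:
        return False
    if policy in NOT_ON_DOWNGRADE and downgrade:
        return False
    return True


def referrer_policy_warning(setting, downgrade=False):
    """Warning text for a breaking value, or None when the referrer is sent."""
    if beacon_gets_referrer(setting, downgrade):
        return None
    return ("SECURE_REFERRER_POLICY resolves to %r, which withholds the referrer "
            "from third-party beacons" % effective_policy(setting))


if __name__ == "__main__":
    # Constructed sample values, including Django 3.1's default.
    for value in ["same-origin", "no-referrer, strict-origin-when-cross-origin", None]:
        print(repr(value), "->", referrer_policy_warning(value) or "referrer sent")
```
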