add referer policy

src/libs/http.ts

@@ -28,9 +28,26 @@ try {
   console.error(error.message);
 }
 // */
+const policies = [
+  // Referer will never be set.
+  // 'no-referrer',
 
+  // Referer will be set to just the origin except when navigating from HTTPS to HTTP,
+  // in which case no Referer is sent.
+  // 'strict-origin',
+
+  // Full Referer for same-origin requests, and bare origin for cross-origin requests.
+  // 'origin-when-cross-origin',
+
+  // Full Referer for same-origin requests, and bare origin for cross-origin requests
+  // except when navigating from HTTPS to HTTP, in which case no Referer is sent.
+  // 'strict-origin-when-cross-origin',
+
+  // Full Referer for all requests, whether same- or cross-origin.
+  'unsafe-url'
+];
 export async function get(url: string) {
-  return (await fetch(url)).json();
+  return (await fetch(url, {referrerPolicy: policies})).json();
 }
 
 export async function post(url: string, data: any) {
@@ -38,7 +55,7 @@ export async function post(url: string, data: any) {
     method: 'POST', // *GET, POST, PUT, DELETE, etc.
     // mode: 'cors', // no-cors, *cors, same-origin
     // credentials: 'same-origin', // redirect: 'follow', // manual, *follow, error
-    // referrerPolicy: 'origin', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
+    referrerPolicy: 'unsafe-url', // no-referrer, *no-referrer-when-downgrade, origin, origin-when-cross-origin, same-origin, strict-origin, strict-origin-when-cross-origin, unsafe-url
     headers: {
       'Content-Type': 'application/json',
       Accept: '*/*',