Same issue in Strapi v4.6.0. My solution is the following:
Admin webpages output Referrer-Policy: no-referrer header due to the default config of strapi::security middleware. So we need to update its referrerPolicy in ./config/middlewares.js file:
// before
module.exports = [
'...',
'strapi::security',
'...',
]
// before
module.exports = [
'...',
{
name: 'strapi::security',
config: {
referrerPolicy: {
policy: 'origin-when-cross-origin',
},
},
},
'...',
]