Roundup Tracker - Issues

Issue 2551088

Add norefererer to link representation
Type: security Severity: normal
Components: Web interface Versions: devel
Status: new
: : rouilj
Priority: : Effort-Low, StarterTicket

Created on 2020-08-13 02:57 by rouilj, last changed 2021-11-02 03:07 by rouilj.

msg6941 Author: [hidden] (rouilj) Date: 2020-08-13 02:57

We already use:

  nofollow noopener

for links to reduce the utility of spamming a tracker (nofollow) and
prevent a link opened from a tracker from interacting with the tracker
via the opener handle. Adding noreferrer implements noopener for IE
and also prevents the referer (sic) header from being sent to the
server for the link.

So this is an incremental improvement to what we have.

I don't like loosing the referer header as that could be useful to the
destination web site. But IE won't die.

This is as easy as finding all instances of noopener and adding 
Date User Action Args
2021-11-02 03:07:49rouiljsetkeywords: + StarterTicket
2021-08-21 19:25:27rouiljsetmessages: - msg6942
2020-08-13 04:14:51rouiljsetmessages: + msg6942
2020-08-13 02:57:34rouiljcreate