Roundup Tracker - Issues

Issue 2551088

classification
Add norefererer to link representation
Type: security Severity: normal
Components: Web interface Versions: devel
process
Status: new
:
: : rouilj
Priority: : Effort-Low

Created on 2020-08-13 02:57 by rouilj, last changed 2021-08-21 19:25 by rouilj.

Messages
msg6941 Author: [hidden] (rouilj) Date: 2020-08-13 02:57
See: https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer

We already use:

  nofollow noopener

for links to reduce the utility of spamming a tracker (nofollow) and
prevent a link opened from a tracker from interacting with the tracker
via the opener handle. Adding noreferrer implements noopener for IE
and also prevents the referer (sic) header from being sent to the
server for the link.

So this is an incremental improvement to what we have.

I don't like loosing the referer header as that could be useful to the
destination web site. But IE won't die.

This is as easy as finding all instances of noopener and adding 
noreferrer.
History
Date User Action Args
2021-08-21 19:25:27rouiljsetmessages: - msg6942
2020-08-13 04:14:51rouiljsetmessages: + msg6942
2020-08-13 02:57:34rouiljcreate