Issue 2551088: Add norefererer to link representation

classification

Title:	Add norefererer to link representation
Type:	security	Severity:	normal
Components:	Web interface	Versions:	devel

process

Status:	new	Resolution:
Dependencies		Superseder:
Assigned To:		Nosy List:	rouilj
Priority:		Keywords:	Effort-Low

Created on 2020-08-13 02:57 by rouilj, last changed 2021-08-21 19:25 by rouilj.

Messages
msg6941	Author: [hidden] (rouilj)	Date: 2020-08-13 02:57
See: https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer We already use: nofollow noopener for links to reduce the utility of spamming a tracker (nofollow) and prevent a link opened from a tracker from interacting with the tracker via the opener handle. Adding noreferrer implements noopener for IE and also prevents the referer (sic) header from being sent to the server for the link. So this is an incremental improvement to what we have. I don't like loosing the referer header as that could be useful to the destination web site. But IE won't die. This is as easy as finding all instances of noopener and adding noreferrer.

msg6941

Author: [hidden] (rouilj)

Date: 2020-08-13 02:57

See: https://html.spec.whatwg.org/multipage/links.html#link-type-noreferrer

We already use:

  nofollow noopener

for links to reduce the utility of spamming a tracker (nofollow) and
prevent a link opened from a tracker from interacting with the tracker
via the opener handle. Adding noreferrer implements noopener for IE
and also prevents the referer (sic) header from being sent to the
server for the link.

So this is an incremental improvement to what we have.

I don't like loosing the referer header as that could be useful to the
destination web site. But IE won't die.

This is as easy as finding all instances of noopener and adding 
noreferrer.

History
Date	User	Action	Args
2021-08-21 19:25:27	rouilj	set	messages: - msg6942
2020-08-13 04:14:51	rouilj	set	messages: + msg6942
2020-08-13 02:57:34	rouilj	create

Roundup Tracker - Issues

Issue 2551088