Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers
From: Christopher Allan Webber
Subject: Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers
Date: Fri, 31 Jul 2015 16:24:00 -0500
Berker Peksağ writes:
> On Fri, Jul 24, 2015 at 4:42 AM, Duncan <address@hidden> wrote:
>> Hi MediaGoblin community,
>>
>> I've got a one-line patch for MediaGoblin but I see that you're having
>> issues with spam on Trac, maybe discussing here is easier?
>>
>> This change prevents browsers sending Referrer headers from MediaGoblin.
>> It fixes the scenario where a user clicks an external link in a
>> description field or comment, resulting in their browser revealing their
>> MediaGoblin instance and media URL to that site.
>>
>> I think this is a safer default because users might not expect to reveal
>> their private MediaGoblin instance simply by following a link. (For
>> public instances users might not be concerned either way.)
>
> Thanks for the patch, Duncan. Perhaps we can make this configurable by
> adding a setting no_referrer (or a different name).
>
> --Berker
I think this is a good idea.
Duncan, maybe consider writing another version of this patch with this
modification?
- Chris
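
One way the configurable behaviour discussed in this thread could look, as an added example that is not part of the thread and not MediaGoblin's code. The patch itself is not shown on this page, so the mechanism here (a WSGI middleware setting the `Referrer-Policy: no-referrer` response header) is an assumption; `no_referrer` is the setting name suggested above, and the class, helper and sample page are hypothetical.

```python
from wsgiref.util import setup_testing_defaults


class NoReferrerMiddleware:
    """Hypothetical WSGI middleware: when no_referrer is on, tell browsers
    not to send a Referer header when users follow links off the site."""

    def __init__(self, app, no_referrer=True):
        self.app = app
        self.no_referrer = no_referrer  # setting name taken from the thread

    def __call__(self, environ, start_response):
        if not self.no_referrer:
            # Operator opted out (e.g. a public instance): leave headers alone.
            return self.app(environ, start_response)

        def patched_start_response(status, headers, exc_info=None):
            # Drop any policy set further down so the instance setting wins.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "referrer-policy"]
            headers.append(("Referrer-Policy", "no-referrer"))
            if exc_info is not None:
                return start_response(status, headers, exc_info)
            return start_response(status, headers)

        return self.app(environ, patched_start_response)


def media_page(environ, start_response):
    # Constructed stand-in for a media page whose description links off-site.
    start_response("200 OK", [("Content-Type", "text/html; charset=utf-8"),
                              ("Referrer-Policy", "unsafe-url")])
    return [b'<a href="https://example.org/">external link</a>']


def response_headers(app):
    """Send one constructed GET request through a WSGI app; return headers."""
    environ, captured = {}, {}
    setup_testing_defaults(environ)

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    b"".join(app(environ, start_response))  # consume the response body
    return captured


if __name__ == "__main__":
    for flag in (True, False):
        app = NoReferrerMiddleware(media_page, no_referrer=flag)
        print(flag, response_headers(app).get("Referrer-Policy"))
```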