Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers

From: Christopher Allan Webber
Subject: Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers
Date: Fri, 31 Jul 2015 16:24:00 -0500

Berker Peksağ writes:

> On Fri, Jul 24, 2015 at 4:42 AM, Duncan <address@hidden> wrote:
>> Hi MediaGoblin community,
>> I've got a one-line patch for MediaGoblin but I see that you're having
>> issues with spam on Trac, maybe discussing here is easier?
>> This change prevents browsers sending Referrer headers from MediaGoblin.
>> It fixes the scenario where a user clicks an external link in a
>> description field or comment, resulting in their browser revealing their
>> MediaGoblin instance and media URL to that site.
>> I think this is a safer default because users might not expect to reveal
>> their private MediaGoblin instance simply by following a link. (For
>> public instances users might not be concerned either way.)
> Thanks for the patch, Duncan. Perhaps we can make this configurable by
> adding a setting no_referrer (or a different name).
> --Berker

I think this is a good idea.

Duncan, maybe consider writing another version of this patch with this

 - Chris
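
One way the configurable setting discussed in this thread could be wired up, shown as WSGI middleware that sends the `Referrer-Policy: no-referrer` response header. This is an added example, not code from the original message, the patch (which is not shown on this page) or MediaGoblin; only the `no_referrer` name comes from the thread, while the function names, the enabled-by-default behaviour and the sample app are assumptions.

```python
# Added example, not MediaGoblin code. Only the `no_referrer` key name comes
# from the thread; function names, defaults and the sample app are assumptions.

def referrer_policy_middleware(app, config):
    """Wrap a WSGI app so every response carries Referrer-Policy: no-referrer."""
    if not config.get("no_referrer", True):  # assumed default: enabled
        return app  # operator opted out, leave responses untouched

    def wrapped(environ, start_response):
        def patched_start_response(status, headers, exc_info=None):
            # Drop any policy the app set so the strict one is the only one.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "referrer-policy"]
            headers.append(("Referrer-Policy", "no-referrer"))
            return start_response(status, headers, exc_info)
        return app(environ, patched_start_response)
    return wrapped


def demo_app(environ, start_response):
    """Constructed sample: a media page whose comment links to another site."""
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("referrer-policy", "unsafe-url")])
    return [b'<a href="https://example.org/">link in a comment</a>']


def response_headers(app, path="/u/alice/m/private-photo/"):
    """Call a WSGI app once and return its response headers as a dict."""
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update(headers)

    environ = {"REQUEST_METHOD": "GET", "PATH_INFO": path}
    b"".join(app(environ, start_response))  # drain the body iterable
    return captured


if __name__ == "__main__":
    for cfg in ({}, {"no_referrer": False}):
        print(cfg, response_headers(referrer_policy_middleware(demo_app, cfg)))
```

With the setting enabled, a weaker policy set by the wrapped app is replaced rather than sent alongside the strict one.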

