mediagoblin-devel

Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers


From: Christopher Allan Webber
Subject: Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers
Date: Fri, 31 Jul 2015 16:24:00 -0500

Berker Peksağ writes:

> On Fri, Jul 24, 2015 at 4:42 AM, Duncan <address@hidden> wrote:
>> Hi MediaGoblin community,
>>
>> I've got a one-line patch for MediaGoblin but I see that you're having
>> issues with spam on Trac, maybe discussing here is easier?
>>
>> This change prevents browsers sending Referrer headers from MediaGoblin.
>> It fixes the scenario where a user clicks an external link in a
>> description field or comment, resulting in their browser revealing their
>> MediaGoblin instance and media URL to that site.
>>
>> I think this is a safer default because users might not expect to reveal
>> their private MediaGoblin instance simply by following a link. (For
>> public instances users might not be concerned either way.)
>
> Thanks for the patch, Duncan. Perhaps we can make this configurable by
> adding a setting no_referrer (or a different name).
>
> --Berker

I think this is a good idea.

Duncan, maybe consider writing another version of this patch with this
modification?

 - Chris
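
The configurable behaviour discussed in this thread, sketched as an added example that is not part of the original messages, Duncan's patch, or MediaGoblin's code. It assumes the policy is delivered as a `Referrer-Policy: no-referrer` response header from a WSGI middleware; `no_referrer` is the setting name Berker suggested, and `NoReferrerMiddleware`, `demo_app` and `response_headers` are hypothetical names.

```python
# Added example, not MediaGoblin code: a config-gated WSGI middleware.
from wsgiref.util import setup_testing_defaults


class NoReferrerMiddleware:
    """Add 'Referrer-Policy: no-referrer' to every response when enabled."""

    def __init__(self, app, no_referrer=True):
        # `no_referrer` is the setting name suggested in the thread; how it
        # would be read from MediaGoblin's config is not shown on the page.
        self.app = app
        self.no_referrer = no_referrer

    def __call__(self, environ, start_response):
        if not self.no_referrer:
            return self.app(environ, start_response)

        def patched_start_response(status, headers, exc_info=None):
            # Drop any policy set further down the stack so exactly one
            # header value reaches the browser.
            headers = [(k, v) for k, v in headers
                       if k.lower() != "referrer-policy"]
            headers.append(("Referrer-Policy", "no-referrer"))
            return start_response(status, headers, exc_info)

        return self.app(environ, patched_start_response)


def demo_app(environ, start_response):
    # Constructed stand-in for a media page containing an external link.
    body = b'<a href="https://example.org/">external link</a>'
    start_response("200 OK", [("Content-Type", "text/html"),
                              ("Content-Length", str(len(body)))])
    return [body]


def response_headers(app):
    """Call a WSGI app once and return its response headers as a dict."""
    environ = {}
    setup_testing_defaults(environ)
    captured = {}

    def start_response(status, headers, exc_info=None):
        captured.update({k.lower(): v for k, v in headers})

    list(app(environ, start_response))
    return captured


if __name__ == "__main__":
    print(response_headers(NoReferrerMiddleware(demo_app)))
```

With the setting off the middleware passes responses through unchanged, so a public instance can keep the browser's default referrer behaviour.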

