mediagoblin-devel
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers


From: Berker Peksağ
Subject: Re: [GMG-Devel] [PATCH] Prevent browsers sending referrer headers
Date: Fri, 24 Jul 2015 10:01:43 +0300

On Fri, Jul 24, 2015 at 4:42 AM, Duncan <address@hidden> wrote:
> Hi MediaGoblin community,
>
> I've got a one-line patch for MediaGoblin but I see that you're having
> issues with spam on Trac, maybe discussing here is easier?
>
> This change prevents browsers sending Referrer headers from MediaGoblin.
> It fixes the scenario where a user clicks an external link in a
> description field or comment, resulting in their browser revealing their
> MediaGoblin instance and media URL to that site.
>
> I think this is a safer default because users might not expect to reveal
> their private MediaGoblin instance simply by following a link. (For
> public instances users might not be concerned either way.)

Thanks for the patch, Duncan. Perhaps we can make this configurable by
adding a setting no_referrer (or a different name).

--Berker


reply via email to

[Prev in Thread] Current Thread [Next in Thread]