[tahoe-lafs-trac-stream] [tahoe-lafs] #1890: submit proposal for restrict-referrer-leakage to the CSP standardizers and implementors
tahoe-lafs
trac at tahoe-lafs.org
Thu Dec 6 11:27:06 UTC 2012
#1890: submit proposal for restrict-referrer-leakage to the CSP standardizers and
implementors
-------------------------+--------------------------------
     Reporter:  zooko    |      Owner:  davidsarah
         Type:  task     |     Status:  assigned
     Priority:  normal   |  Milestone:  soon (release n/a)
    Component:  unknown  |    Version:  1.9.2
   Resolution:           |   Keywords:  referer referrer
Launchpad Bug:           |
-------------------------+--------------------------------
Comment (by ChosenOne):
I have been using RefControl for a few years now. I only had problems with
pictures on one German site that nobody uses anymore anyway. I am also using
the setting that sends "just the domain part" - but note that it sends the
domain of the current(!) host, not of the referring site. This means that
when I go from example.com to other.com, Firefox will tell other.com that
you have just come from other.com.
Now that I think of it, this add-on might break naive CSRF mitigations
that check whether the Referer header matches the current domain.
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/1890#comment:4>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
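
The interaction raised in the comment above, as an added example that is not part of the ticket or of Tahoe-LAFS code: a Referer-equals-own-host check evaluated against a browser that rewrites Referer to the target site's root, next to a per-session token check that does not read Referer at all. The function names, the `/transfer` path and the sample requests are constructed for illustration.

```python
import hmac
import secrets
from urllib.parse import urlsplit

SITE_HOST = "other.com"                   # host doing the check (name from the comment)
TARGET = "https://other.com/transfer"     # constructed state-changing endpoint

def referer_sent(origin_page, target_url, rewrite_to_target=False):
    """Referer attached to a request for target_url issued from origin_page.
    rewrite_to_target models the add-on setting described in the comment:
    the header carries the root of the site being requested."""
    if rewrite_to_target:
        t = urlsplit(target_url)
        return f"{t.scheme}://{t.netloc}/"
    return origin_page

def naive_referer_check(headers):
    """Accept only if the Referer header names this host."""
    return urlsplit(headers.get("Referer", "")).hostname == SITE_HOST

def token_check(session_token, form):
    """Accept only if the form echoes the per-session token."""
    return hmac.compare_digest(session_token, form.get("csrf_token", ""))

def evaluate(origin_page, rewrite, session_token, form):
    headers = {"Referer": referer_sent(origin_page, TARGET, rewrite)}
    return naive_referer_check(headers), token_check(session_token, form)

def run_cases():
    token = secrets.token_urlsafe(32)     # constructed session token
    own_form = {"csrf_token": token}      # form rendered by other.com itself
    foreign_form = {}                     # form hosted on example.com: no token
    return {
        # (referer check passes, token check passes)
        "cross-site, stock browser": evaluate(
            "https://example.com/page", False, token, foreign_form),
        "cross-site, rewritten Referer": evaluate(
            "https://example.com/page", True, token, foreign_form),
        "same-site, rewritten Referer": evaluate(
            "https://other.com/account", True, token, own_form),
    }

if __name__ == "__main__":
    for name, (ref_ok, tok_ok) in run_cases().items():
        print(f"{name:32} referer_check={ref_ok!s:5} token_check={tok_ok}")
```

With the rewritten header the Referer check returns the same answer for the cross-site and the same-site request, so for that user it no longer separates the two; the token check still does.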