[tahoe-lafs-trac-stream] [tahoe-lafs] #127: Cap URLs leaked via HTTP Referer header

tahoe-lafs trac at tahoe-lafs.org
Thu Sep 13 03:38:36 UTC 2012


#127: Cap URLs leaked via HTTP Referer header
-------------------------+-------------------------------------------------
     Reporter:  warner   |      Owner:  davidsarah
         Type:  defect   |     Status:  assigned
     Priority:  major    |  Milestone:  1.11.0
    Component:  code-    |    Version:  0.7.0
  frontend-web           |   Keywords:  confidentiality integrity
   Resolution:           |  preservation capleak
Launchpad Bug:           |
-------------------------+-------------------------------------------------

Comment (by davidsarah):

 I wrote up a spec for a new Content-Security-Policy directive that would
 allow us (or any server operator) to completely block Referer leakage.
 I'll attach it here.

-- 
Ticket URL: <https://tahoe-lafs.org/trac/tahoe-lafs/ticket/127#comment:31>
tahoe-lafs <https://tahoe-lafs.org>
secure decentralized storage


More information about the tahoe-lafs-trac-stream mailing list